IETF Logo Mail Archive

Re: [Acme] [Technical Errata Reported] RFC8555 (5861)

Seo Suchan <tjtncks@gmail.com> Wed, 03 January 2024 14:18 UTC

Return-Path: <tjtncks@gmail.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 86867C33946F for <acme@ietfa.amsl.com>; Wed, 3 Jan 2024 06:18:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.602
X-Spam-Level:
X-Spam-Status: No, score=-6.602 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0YSfn21ce5wO for <acme@ietfa.amsl.com>; Wed, 3 Jan 2024 06:18:38 -0800 (PST)
Received: from mail-pg1-x536.google.com (mail-pg1-x536.google.com [IPv6:2607:f8b0:4864:20::536]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5BCA4C338951 for <acme@ietf.org>; Wed, 3 Jan 2024 06:18:38 -0800 (PST)
Received: by mail-pg1-x536.google.com with SMTP id 41be03b00d2f7-5cda24a77e0so3590853a12.2 for <acme@ietf.org>; Wed, 03 Jan 2024 06:18:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1704291517; x=1704896317; darn=ietf.org; h=content-transfer-encoding:mime-version:message-id:references :in-reply-to:user-agent:subject:to:from:date:from:to:cc:subject:date :message-id:reply-to; bh=pWr32AuzNG8QEW3S78i/OAWv0NOurgxfCSl8O9f8N68=; b=Hu4lyqYwFjcy3d4oxyMRLGTaFBg6MVlard5fA+mHxgnNrOST2QFDRtUCza4WzY/Kk6 qYhsoozcj2AnNg7wktKvjrdFr5fvIVXPAqNcYc7dfZMLW5F0B+rZhbcPxwd2W6pJ0/XP 2g4F4Qlfdu5/8cfGiHpgjDUIcDwnckakbgFv3ftTLATBwL3SXiFgmgnBs1ztCpSwBhaG Bh8gaQP7NtRV6bjc3S24SAZXOwER+8E4HfqztNG3nEUv+DmcgMoMVoHux+JEXCpw8u2a MYuI1U36mnCAHB8VLG4feaUpkZRQurFf++d/Jeq6ZblQTQmfWCJA0vMsPnkIsHzN1j/5 l20w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1704291517; x=1704896317; h=content-transfer-encoding:mime-version:message-id:references :in-reply-to:user-agent:subject:to:from:date:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=pWr32AuzNG8QEW3S78i/OAWv0NOurgxfCSl8O9f8N68=; b=oiMJFWx5f3JYmMKQLfOs4yhQ+UV4uQ4FWQ3Mjv1r5gAmgL6uhow5zPzbZ/B4pedfKB JfAAzsVCNiGnpT5IOXfvHjE7yVHcQ/xtPWFbIfPMaCzI3YqU7d0AijxCKhubp0ElkW0V coP5ZW/JNcEKAWoT/uzZpCj8bu9TRuq7vY6sqccocuHxeolSZ4ZVBWroZxDFL8rassbH H2Qzp6yShFYOxGn6olzn5x7JVTjstjHip1VmUk5IXemEEThbcwVfSJNePm40bU9dI7Am qWD3aVQ9a50bGIJox6mgA/Wg+bTVgkye/X1Ezwa4bJi6kUirOJ/PDQzRxVuAzlesalat TaFA==
X-Gm-Message-State: AOJu0Yz43L1noxXNKU9QCNY0+Asizah7aPoGQ3cOfffo7EDlu9D20lOl 3Ca/Iwsi3L3blP3WLywiOz6wUD70ll8=
X-Google-Smtp-Source: AGHT+IGzflHA7DKbJ6rCGdoumYLBxVcBZ2cN4k2k14tUvC4kIV/43B7QA9TUzjNwC39EsUgtfZ8CuA==
X-Received: by 2002:a05:6a21:3296:b0:196:27ff:b691 with SMTP id yt22-20020a056a21329600b0019627ffb691mr5719451pzb.86.1704291517135; Wed, 03 Jan 2024 06:18:37 -0800 (PST)
Received: from ?IPv6:::1? ([2406:5900:1038:12bf:c861:d965:4cd9:8ddf]) by smtp.gmail.com with ESMTPSA id d12-20020a631d0c000000b005cdc081bd2asm22172018pgd.24.2024.01.03.06.18.35 for <acme@ietf.org> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 03 Jan 2024 06:18:35 -0800 (PST)
Date: Wed, 03 Jan 2024 23:18:31 +0900
From: Seo Suchan <tjtncks@gmail.com>
To: acme@ietf.org
User-Agent: K-9 Mail for Android
In-Reply-To: <CAGgd1OfecWRy4wZwLoBhzQKYNY8_hbQ2EN+CHdWtNffyc7k5MQ@mail.gmail.com>
References: <20190923103508.6D126B80D81@rfc-editor.org> <CAGgd1OfecWRy4wZwLoBhzQKYNY8_hbQ2EN+CHdWtNffyc7k5MQ@mail.gmail.com>
Message-ID: <F4B8D570-824D-4805-88DC-8311174C30CD@gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----HIQ5GYP9UB80Q89JM7OWQ8JUBC8ZM7"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/Zh8pDpx783FlU_Xd8jfWIQ73QTI>
Subject: Re: [Acme] [Technical Errata Reported] RFC8555 (5861)
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Jan 2024 14:18:42 -0000

Think it should limit to authz with valid or pending state, and for same account. Finalized auths are still exsit on server; and other accounts may have auth for it

On 2024년 1월 3일 오후 8시 36분 37초 GMT+09:00, Deb Cooley <debcooley1@gmail.com> 작성함:
>Happy New Year!
>
>I'm going through acme's errata.  This one was reported, but crickets on
>any responses from the authors (or others).  It looks like a sensible
>addition to me, but I'd like confirmation.
>
>Thanks
>Deb
>
>On Mon, Sep 23, 2019 at 8:50 AM RFC Errata System <rfc-editor@rfc-editor.org>
>wrote:
>
>> The following errata report has been submitted for RFC8555,
>> "Automatic Certificate Management Environment (ACME)".
>>
>> --------------------------------------
>> You may review the report below and at:
>> https://www.rfc-editor.org/errata/eid5861
>>
>> --------------------------------------
>> Type: Technical
>> Reported by: owen friel <ofriel@cisco.com>
>>
>> Section: 7.4.1
>>
>> Original Text
>> -------------
>>
>>
>> Corrected Text
>> --------------
>> If a server receives a newAuthz request for an identifier where the
>> authorization object already exists, whether created by CA provisioning on
>> the ACME server or by the ACME server handling a previous newAuthz request
>> from a client, the server returns a 200 (OK) response with the existing
>> authorization URL in the Location header field and the existing JSON
>> authorization object in the body.
>>
>> Notes
>> -----
>> The above text (or similar) should be appended to the end of section 7.4.1
>>
>> Instructions:
>> -------------
>> This erratum is currently posted as "Reported". If necessary, please
>> use "Reply All" to discuss whether it should be verified or
>> rejected. When a decision is reached, the verifying party
>> can log in to change the status and edit the report, if necessary.
>>
>> --------------------------------------
>> RFC8555 (draft-ietf-acme-acme-18)
>> --------------------------------------
>> Title               : Automatic Certificate Management Environment (ACME)
>> Publication Date    : March 2019
>> Author(s)           : R. Barnes, J. Hoffman-Andrews, D. McCarney, J. Kasten
>> Category            : PROPOSED STANDARD
>> Source              : Automated Certificate Management Environment
>> Area                : Security
>> Stream              : IETF
>> Verifying Party     : IESG
>>
>> _______________________________________________
>> Acme mailing list
>> Acme@ietf.org
>> https://www.ietf.org/mailman/listinfo/acme
>>

v2.23.0 | Report a Bug | By Email