Re: [Acme] Reference implementation of draft-misell-acme-onion

Q Misell <q@as207960.net> Sun, 23 April 2023 21:12 UTC

References: <CAMEWqGvDnUAttLh=0VPnWXdWxiH96hzm+XGX-q9vG_vmO9U85g@mail.gmail.com> <c14c31fc-8985-0d5a-2034-9dbc9d20ab77@gmail.com>
In-Reply-To: <c14c31fc-8985-0d5a-2034-9dbc9d20ab77@gmail.com>
From: Q Misell <q@as207960.net>
Date: Sun, 23 Apr 2023 22:12:14 +0100
Message-ID: <CAMEWqGu4+LCVjKf_cszfY0nUE8trate9b1-Q4uGopqJrFqKdeA@mail.gmail.com>
To: Seo Suchan <tjtncks@gmail.com>
Cc: Q Misell <q=40as207960.net@dmarc.ietf.org>, acme@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/aC2VMTtTkcuT0vcyltzs-5ch3PU>
Subject: Re: [Acme] Reference implementation of draft-misell-acme-onion

Hi Seo,

Thanks for the feedback.

I copy-pasted the list of logs into my code from
https://github.com/google/certificate-transparency-community-site/blob/master/docs/google/known-logs.md;
it would probably be a good idea to delete the old logs.

The SERVFAIL response is not very clear, agreed. I'll improve my error
handling there.

In my testing, adding new records to the first-layer descriptor doesn't
bother the current Tor Project tor implementation (seemingly the only one
anyone ever uses).
I'm still working on patching the tor router to add support for defining
CAA, but I'll definitely put up a few test services with different
configurations once that's done.

Thanks,
Q
------------------------------

Any statements contained in this email are personal to the author and are
not necessarily the statements of the company unless specifically stated.
AS207960 Cyfyngedig, having a registered office at 13 Pen-y-lan Terrace,
Caerdydd, Cymru, CF23 9EU, trading as Glauca Digital, is a company
registered in Wales under № 12417574
<https://find-and-update.company-information.service.gov.uk/company/12417574>.
ICO register №: ZA782876 <https://ico.org.uk/ESDWebPages/Entry/ZA782876>.
UK VAT №: GB378323867. EU VAT №: EU372013983. Turkish VAT №: 0861333524.
South Korean VAT №: 522-80-03080. Glauca Digital and the Glauca logo are
registered trademarks in the UK, under № UK00003718474 and № UK00003718468,
respectively.


On Sun, 23 Apr 2023 at 14:27, Seo Suchan <tjtncks@gmail.com> wrote:

> Google's Solera 2018~2022 logs no longer accept new records. The Solera CT
> log is sharded by the notAfter day of incoming certificates, so the only log
> currently usable would be 2023 (assuming 90-day certificates).
>
> When I ran your client for onion-csr without having a hosted onion hidden
> service, the server returned a CAA SERVFAIL; not sure this is the right
> response for such a (not yet hosted) domain: NXDOMAIN or a dedicated error
> code looks better.
>
> Not sure how one can add a format in the first layer like in 5.3 without
> breaking old Tor client implementations. Could you put a hidden service
> with caa-critical online?
>
> P.S. Didn't notice you already posted v02 of this draft.
>
> On 2023-04-21 at 7:04 AM, Q Misell wrote:
> > Hi all,
> >
> > Thanks for all your feedback over my draft. I've incorporated your
> > comments into a new draft, and published this.
> >
> > I've also finished my reference implementation of the draft, more
> > details available at https://acmeforonions.org. I'd be delighted if
> > you'd try it out and let me know what you think.
> >
> > Thanks,
> > Q
> >
> > _______________________________________________
> > Acme mailing list
> > Acme@ietf.org
> > https://www.ietf.org/mailman/listinfo/acme
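Added example, not code from the draft, from acmeforonions.org or from either poster: a CA-side checker that pulls the `caa` lines out of a decrypted first-layer descriptor plaintext and applies RFC 8659 semantics to them (issue/issuewild matching, the issuer-critical flag bit refusing issuance on an unknown tag). Every keyword line it does not recognise is skipped, which is the property an older descriptor parser needs for the new lines discussed in the thread to be harmless. The line syntax `caa <flags> <tag> <value>`, the `ca.example` issuer, the `accounturi` parameter and both sample descriptors are assumptions constructed for this example; the draft text is authoritative for the real format.

```python
"""Added example (not the draft's or acmeforonions.org's code): pull "caa"
lines out of a decrypted first-layer hidden-service descriptor and evaluate
them for one CA with RFC 8659 semantics.

Assumptions, not taken from the thread or the draft text on this page:
  * line syntax  "caa" SP flags SP tag SP value  with the RFC 8659 flags byte
  * the sample descriptor plaintexts below are constructed for this example
"""
from dataclasses import dataclass
from typing import List, Tuple

CRITICAL = 0x80            # RFC 8659 issuer-critical flag bit
KNOWN_TAGS = {"issue", "issuewild", "iodef"}


@dataclass(frozen=True)
class CAARecord:
    flags: int
    tag: str
    value: str

    @property
    def critical(self) -> bool:
        return bool(self.flags & CRITICAL)

    @property
    def issuer_domain(self) -> str:
        # "ca.example; accounturi=..." -> "ca.example";  ";" alone -> ""
        return self.value.split(";", 1)[0].strip().lower()


def parse_caa_lines(first_layer: str) -> List[CAARecord]:
    """Collect caa records; every other keyword line is ignored, which is the
    behaviour an older descriptor parser needs for new lines to be harmless."""
    records: List[CAARecord] = []
    for raw in first_layer.splitlines():
        line = raw.strip()
        if line.split(" ", 1)[0] != "caa":
            continue                      # desc-auth-type, encrypted, future keywords
        parts = line.split(" ", 3)
        if len(parts) != 4:
            raise ValueError(f"malformed caa line: {raw!r}")
        _, flags_s, tag, value = parts
        flags = int(flags_s)
        if not 0 <= flags <= 255:
            raise ValueError(f"caa flags out of range: {raw!r}")
        records.append(CAARecord(flags, tag.lower(), value.strip()))
    return records


def caa_permits(records: List[CAARecord], ca_domain: str,
                wildcard: bool = False) -> Tuple[bool, str]:
    """Apply RFC 8659 section 4 to one record set for one issuer domain."""
    # An unrecognised tag with the critical bit set forbids issuance outright.
    for r in records:
        if r.critical and r.tag not in KNOWN_TAGS:
            return False, f"unrecognised critical tag {r.tag!r}"
    issue = [r for r in records if r.tag == "issue"]
    issuewild = [r for r in records if r.tag == "issuewild"]
    # For wildcard names the issuewild set, if present, replaces the issue set.
    relevant = issuewild if (wildcard and issuewild) else issue
    if not relevant:
        return True, "no applicable issue/issuewild records"
    for r in relevant:
        if r.issuer_domain and r.issuer_domain == ca_domain.lower():
            return True, f"matched {r.tag} {r.value!r}"
    return False, "no applicable record names this CA"


# Constructed sample plaintexts for this example (not real descriptors).
DESC_RESTRICTED = """\
desc-auth-type x25519
desc-auth-ephemeral-key AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
caa 0 issue ca.example; accounturi=https://ca.example/acct/1
caa 0 issuewild ;
caa 0 iodef mailto:security@example.onion
encrypted
"""

DESC_CRITICAL = """\
desc-auth-type x25519
caa 0 issue ca.example
caa 128 future-tag something-nobody-understands-yet
encrypted
"""


def check(first_layer: str, ca_domain: str, wildcard: bool = False) -> Tuple[bool, str]:
    return caa_permits(parse_caa_lines(first_layer), ca_domain, wildcard)


if __name__ == "__main__":
    for desc, name in ((DESC_RESTRICTED, "restricted"), (DESC_CRITICAL, "critical")):
        for ca in ("ca.example", "other.example"):
            for wc in (False, True):
                ok, why = check(desc, ca, wc)
                print(f"{name:10} {ca:14} wildcard={wc!s:5} -> {ok!s:5} ({why})")
```

With the constructed descriptors, `ca.example` may issue a non-wildcard certificate from the first descriptor but not a wildcard one (the `issuewild ;` record names no issuer), any other CA is refused, and the second descriptor refuses everyone because of the critical unknown tag. A descriptor with no `caa` lines at all leaves issuance unrestricted, the same as an empty CAA record set in DNS.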