Re: [Acme] FW: [EXTERNAL] New Version Notification for draft-vanbrouwershaven-acme-auto-discovery-00.txt

Mike Ounsworth <Mike.Ounsworth@entrust.com> Thu, 20 July 2023 02:36 UTC

From: Mike Ounsworth <Mike.Ounsworth@entrust.com>
To: Tim Hollebeek <tim.hollebeek=40digicert.com@dmarc.ietf.org>, Seo Suchan <tjtncks@gmail.com>, "acme@ietf.org" <acme@ietf.org>
Date: Thu, 20 Jul 2023 02:36:41 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/aC8F3XiJ8_VfyEKNmCC37V6rEEY>
List-Id: Automated Certificate Management Environment <acme.ietf.org>

Personally, I like the way “no priority” is currently handled in 3.1.2:
“In the case that this parameter is not specified, the entry will be considered to have a lower priority than all entries which specify any priority.”


Thinking out loud here: @Tim Hollebeek, how do you feel about treating multiple entries of the same priority as random-round-robin? The justification is that it enables load-balancing. But it’s also a source of complexity and I’m curious if it feels “necessary” to you. It could instead be left to the discretion of the implementer of the ACME client and we could say “for example selected randomly, or in the order they appear in the DNS record”.

---
Mike Ounsworth

From: Acme <acme-bounces@ietf.org> On Behalf Of Tim Hollebeek
Sent: Wednesday, July 12, 2023 3:03 PM
To: Seo Suchan <tjtncks@gmail.com>; acme@ietf.org
Subject: Re: [Acme] FW: [EXTERNAL] New Version Notification for draft-vanbrouwershaven-acme-auto-discovery-00.txt

The problem with inverting things like that is that the highest priority is important, and so identifying a value that corresponds to the highest priority (like 1) is very useful.  Having an explicit value for the lowest priority is very low priority.

If you use zero for the lowest priority, then the highest priority value is a very inconvenient number (MAXINT or similar).

I agree with Rich Salz: priorities are positive integers, and 1 is the highest.  That’s a pretty standard way of expressing priorities.  Anything beyond that is an unnecessary complication.

-Tim

From: Acme <acme-bounces@ietf.org> On Behalf Of Seo Suchan
Sent: Wednesday, July 12, 2023 3:29 PM
To: acme@ietf.org
Subject: Re: [Acme] FW: [EXTERNAL] New Version Notification for draft-vanbrouwershaven-acme-auto-discovery-00.txt


I think making priority descending order removes such headaches: the default is 0, so it has lower priority than any other integer, which leaves no reason to treat 0 exceptionally.


On 2023-07-13 at 3:34 AM, Paul van Brouwershaven wrote:
I have to agree that 0 is not a positive integer and reverted the prior change:

> In the case that this parameter is not specified or contains the value "0", the entry will be considered to have a lower priority than all entries which specify any priority.

So, setting "0" would invalidate the parameter, causing the ACME client to ignore the CAA record altogether.

Does this also make sense to you Q?

________________________________
From: Tim Hollebeek <tim.hollebeek=40digicert.com@dmarc.ietf.org>
Sent: Wednesday, July 12, 2023 19:32
To: Paul van Brouwershaven <Paul.vanBrouwershaven@entrust.com>; Q Misell <q@as207960.net>
Cc: acme@ietf.org <acme@ietf.org>
Subject: RE: [Acme] FW: [EXTERNAL] New Version Notification for draft-vanbrouwershaven-acme-auto-discovery-00.txt


If priority is defined as a positive integer (which makes sense to me), then zero is an error, yes.



If it’s desirable to have a “no priority” value, then zero might be a reasonable choice for such a value.  But it’s hard to reason about whether “no priority” is higher or lower than items that do have priorities, so I think “no priority” adds additional complexity that should not be added unnecessarily.  I think it’s simpler to stick to a single, ordered list of priority numbers, and ordinal numbers (a.k.a positive integers) are the best way to express that.



-Tim



From: Paul van Brouwershaven <Paul.vanBrouwershaven=40entrust.com@dmarc.ietf.org>
Sent: Wednesday, July 12, 2023 1:01 PM
To: Tim Hollebeek <tim.hollebeek@digicert.com>; Q Misell <q@as207960.net>
Cc: acme@ietf.org
Subject: Re: [Acme] FW: [EXTERNAL] New Version Notification for draft-vanbrouwershaven-acme-auto-discovery-00.txt



> Anyone who argues that zero is a positive integer should be referred to the standard math textbook of positive.  Zero is a non-negative integer, but I’m not aware of any definition of “positive” that makes it a positive integer.



Do you argue that "0" should be treated as an error instead of equal to no priority?



________________________________

From: Tim Hollebeek <tim.hollebeek=40digicert.com@dmarc.ietf.org>
Sent: Wednesday, July 12, 2023 6:43:21 PM
To: Paul van Brouwershaven <Paul.vanBrouwershaven@entrust.com>; Q Misell <q@as207960.net>
Cc: acme@ietf.org <acme@ietf.org>
Subject: RE: [Acme] FW: [EXTERNAL] New Version Notification for draft-vanbrouwershaven-acme-auto-discovery-00.txt



Anyone who argues that zero is a positive integer should be referred to the standard math textbook of positive.  Zero is a non-negative integer, but I’m not aware of any definition of “positive” that makes it a positive integer.



Also, ignoring failures in CAA records is probably not the right answer.  CAA should fail closed, not open.



-Tim



From: Acme <acme-bounces@ietf.org> On Behalf Of Paul van Brouwershaven
Sent: Wednesday, July 12, 2023 9:52 AM
To: Q Misell <q@as207960.net>
Cc: acme@ietf.org
Subject: Re: [Acme] FW: [EXTERNAL] New Version Notification for draft-vanbrouwershaven-acme-auto-discovery-00.txt



Hi Q,



Thanks, this is great and really helpful!

> Is priority=0 an error condition, some might argue 0 is a positive integer?

Any suggestion? Maybe we should simply start counting at 0 instead of 1.

> What about discovery=foobar?

"foobar" is not a Boolean, the text is clear that this parameter MUST be a Boolean, so this should invalidate the parameter.

> Should the client ignore invalid issue records and process the rest, or fail outright?

We should ignore the failure of a single CAA record and continue with the next, similar to when the client encounters ACME errors.



I will clarify this with the following change:



The ACME client analyzes the CAA records -> The ACME client analyzes the valid CAA records



It looks like you implemented discovery as a pre-condition while 3.1.1 specifies:



When this parameter is not specified the client MUST assume that discovery is enabled.



There is however a comment in the examples that this behavior might need to change if deemed necessary.



Paul





________________________________

From: Q Misell <q@as207960.net>
Sent: Wednesday, July 12, 2023 15:06
To: Paul van Brouwershaven <Paul.vanBrouwershaven@entrust.com>
Cc: acme@ietf.org <acme@ietf.org>
Subject: Re: [Acme] FW: [EXTERNAL] New Version Notification for draft-vanbrouwershaven-acme-auto-discovery-00.txt



Hi all,



I happened to be poking around the certbot codebase today and decided to try and implement this draft.

It turned out to be a much simpler task than I had expected, however I felt the draft was a bit lacking in details for what the ACME client should consider an error.



For example:

  *   Is priority=0 an error condition, some might argue 0 is a positive integer?
  *   What about discovery=foobar?
  *   Should the client ignore invalid issue records and process the rest, or fail outright?

My fork of certbot with the implementation is available at https://github.com/as207960/certbot/tree/auto-discovery.



Thanks,

Q






On Fri, 7 Jul 2023 at 14:32, Salz, Rich <rsalz=40akamai.com@dmarc.ietf.org> wrote:



  *   how about ratelimit? for large hosting they will hit CA's default API ratelimit fast



The HTTPAPI working group is working on standard HTTP headers for specifying rate limits.  See

                https://datatracker.ietf.org/doc/draft-ietf-httpapi-ratelimit-headers/

_______________________________________________
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme
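
Added example, not part of the thread and not taken from the draft or from the certbot fork: a sketch of the client-side choices debated above (priority as a positive integer with 1 highest, unset priority ranked last, discovery defaulting to enabled, fail closed versus skipping an invalid record, random versus DNS order among equal priorities). The function names, the "true"/"false" Boolean spelling, the treatment of priority=0 as an error, and the sample records are assumptions made for illustration.

```python
import random

class InvalidRecord(ValueError):
    """A CAA issue value with a malformed discovery/priority parameter."""

def parse_issue_value(value):
    """Parse 'ca.example; discovery=true; priority=1' into a dict."""
    domain, *params = (part.strip() for part in value.split(";"))
    # Thread, quoting 3.1.1: discovery is assumed enabled when not specified.
    entry = {"ca": domain, "discovery": True, "priority": None}
    for param in filter(None, params):
        name, _, val = param.partition("=")
        name, val = name.strip(), val.strip()
        if name == "discovery":
            if val not in ("true", "false"):  # assumed Boolean spelling
                raise InvalidRecord(f"discovery is not a Boolean: {val!r}")
            entry["discovery"] = val == "true"
        elif name == "priority":
            # Positive integer, 1 is the highest; "0" is rejected (assumption).
            if not (val.isascii() and val.isdigit() and int(val) >= 1):
                raise InvalidRecord(f"priority is not a positive integer: {val!r}")
            entry["priority"] = int(val)
        # Any other CAA parameter is not this example's concern and is ignored.
    return entry

def candidates(values, fail_closed=True, shuffle=True, rng=random):
    """Return CA domains in the order a client would try them."""
    entries = []
    for value in values:
        try:
            entry = parse_issue_value(value)
        except InvalidRecord:
            if fail_closed:   # one bad record aborts discovery
                raise
            continue          # alternative policy: skip it, process the rest
        if entry["ca"] and entry["discovery"]:
            entries.append(entry)
    if shuffle:               # random choice among equal priorities;
        rng.shuffle(entries)  # shuffle=False keeps DNS record order instead
    # Stable sort: explicit priorities ascending, unspecified priority last.
    entries.sort(key=lambda e: (e["priority"] is None, e["priority"] or 0))
    return [e["ca"] for e in entries]

# Constructed sample records (not from the thread).
RECORDS = [
    "ca-b.example; priority=2",
    "ca-a.example; priority=1",
    "ca-c.example",
    "ca-d.example; discovery=false; priority=1",
]
BAD = RECORDS + ["ca-e.example; priority=0", "ca-f.example; discovery=foobar"]

if __name__ == "__main__":
    print(candidates(RECORDS, shuffle=False))
    print(candidates(BAD, fail_closed=False, shuffle=False))
```

With fail_closed=True the BAD list raises InvalidRecord instead of returning a partial result, which is the behavioural difference the thread is arguing about.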
