Re: [Acme] AD Review: draft-ietf-acme-star-delegation-04

Roman Danyliw <rdd@cert.org> Mon, 08 March 2021 20:53 UTC

From: Roman Danyliw <rdd@cert.org>
To: Thomas Fossati <Thomas.Fossati@arm.com>, Yaron Sheffer <yaronf.ietf@gmail.com>, IETF ACME <acme@ietf.org>
Date: Mon, 08 Mar 2021 20:53:03 +0000
Message-ID: <df2d33f5c0b8470fb77bf5250afbd237@cert.org>
References: <5b94cd8f4c4944838936589cea70bd62@cert.org> <B85D7793-E228-4B95-B8DF-FD46F71F4F1C@intuit.com> <404f7522d37b41ecabb854bee42dc333@cert.org> <9D628EB5-401E-4FCD-8BBC-3FB967FB4102@gmail.com> <b4307f5c6d3e495785ae1051f3927207@cert.org> <5a3891a7fbad4d51addbbf9f6ba68727@cert.org> <85768624-6735-44DA-9105-57ADF0813E71@arm.com>
In-Reply-To: <85768624-6735-44DA-9105-57ADF0813E71@arm.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/ai6x6gNU6-_WLGXSqminNM9xpzA>
Subject: Re: [Acme] AD Review: draft-ietf-acme-star-delegation-04

Hi Thomas!

> -----Original Message-----
> From: Thomas Fossati <Thomas.Fossati@arm.com>
> Sent: Monday, March 8, 2021 8:13 AM
> To: Roman Danyliw <rdd@cert.org>; Yaron Sheffer <yaronf.ietf@gmail.com>;
> IETF ACME <acme@ietf.org>
> Cc: Thomas Fossati <Thomas.Fossati@arm.com>
> Subject: Re: [Acme] AD Review: draft-ietf-acme-star-delegation-04
> 
> Hi Roman,
> 
> On 08/03/2021, 12:50, "Roman Danyliw" <rdd@cert.org> wrote:
> > Thanks for adding the new CDDL schema and clean-up to the JSON schema.
> > This resolves all of my feedback from AD review.  I will advance the
> > document to IETF LC.
> 
> Thank you!
> 
> > One question I have in the -06 to -07 changes is why the use of IP
> > addresses was dropped for subjectAltName in the CSR template (the
> > addition of URI makes sense).
> 
> For the full context of where this choice originated, see:
> 
> https://github.com/yaronf/I-D/pull/132#discussion_r584316393

Thanks for the pointer.  I see that Yaron posed the same question that I did in the GitHub discussion.

That explanation works for me.

Regards,
Roman

> Note that we added an explicit extension point to the subjectAltName Type
> (subjectaltname-extension) where, if needed, IPs could be added back by a
> future spec:
> 
> $$subjectaltname-extension //= (
>   ? IP: [ 1* regtext ]
> )
> 
> cheers, t
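The extension socket Thomas quotes, worked through as an added example (not code from the draft or its authors): a toy validator for the subjectAltName part of a CSR template that rejects keys the base profile does not define and accepts `IP` only once a hypothetical future extension registers it. The `DNS` key and the treatment of `regtext` as any non-empty string are assumptions.

```python
"""Toy subjectAltName validator with an explicit extension point, modelled
on the $$subjectaltname-extension socket quoted in the thread.
Added example, not the draft's code; key names other than IP and URI and
the shape of regtext are assumptions."""
import ipaddress
from typing import Callable, Dict, List

def _regtext(v: str) -> bool:
    # Assumption: regtext is any non-empty string.
    return isinstance(v, str) and len(v) > 0

# Base profile: keys the (assumed) base schema allows, with a per-entry check.
BASE_SAN_KEYS: Dict[str, Callable[[str], bool]] = {
    "DNS": _regtext,
    "URI": _regtext,
}

# Extension socket: a future spec plugs extra keys in here; the base
# validator never accepts an unknown key on its own.
SAN_EXTENSIONS: Dict[str, Callable[[str], bool]] = {}

def register_san_extension(key: str, check: Callable[[str], bool]) -> None:
    if key in BASE_SAN_KEYS:
        raise ValueError(f"{key} is already defined by the base schema")
    SAN_EXTENSIONS[key] = check

def validate_san(san: dict) -> List[str]:
    """Return a list of problems; an empty list means the object conforms."""
    problems: List[str] = []
    allowed = {**BASE_SAN_KEYS, **SAN_EXTENSIONS}
    for key, entries in san.items():
        if key not in allowed:
            problems.append(f"unknown subjectAltName key: {key}")
            continue
        if not isinstance(entries, list) or not entries:  # CDDL: [ 1* ... ]
            problems.append(f"{key} must be a non-empty array")
            continue
        for e in entries:
            if not allowed[key](e):
                problems.append(f"bad {key} entry: {e!r}")
    return problems

def _is_ip(v: str) -> bool:
    # Check used by the hypothetical IP extension: must parse as an address.
    try:
        ipaddress.ip_address(v)
        return True
    except ValueError:
        return False

# Constructed sample template fragment (not taken from the draft).
SAMPLE = {"DNS": ["cdn.example.com"], "IP": ["198.51.100.7", "not-an-ip"]}
```

With only the base profile loaded, `validate_san(SAMPLE)` flags `IP` as unknown; after `register_san_extension("IP", _is_ip)` the key is accepted and only the malformed address is reported.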