Re: [Acme] AD review: draft-ietf-acme-ip-05

Roland Bracewell Shoemaker <roland@letsencrypt.org> Mon, 06 May 2019 23:45 UTC

From: Roland Bracewell Shoemaker <roland@letsencrypt.org>
In-Reply-To: <359EC4B99E040048A7131E0F4E113AFC01B33396F1@marathon>
Date: Mon, 06 May 2019 19:45:30 -0400
Cc: "acme@ietf.org" <acme@ietf.org>
Message-Id: <6E082EC2-833B-4A74-8F27-8456C6392231@letsencrypt.org>
References: <359EC4B99E040048A7131E0F4E113AFC01B33396F1@marathon>
To: Roman Danyliw <rdd@cert.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/bmo-qqAd65y9YODUuZkvWulXWxU>

Hey Roman,

Sorry for the lag on this, I’ve been occupied by non-IETF work recently.

I’ve done a pass based on your comments. I’m slightly confused about what you mean by including the clarification suggested in the previous AD review thread with regard to section 6 though. I believe the update in the -05 rev to section 6 clarified this ambiguity around the reverse mapping and SNI, do you think it still needs further work? I’ve pushed a branch with all of the suggested changes here: https://github.com/rolandshoemaker/acme-ip-validation/compare/ad-review-feedback-a

If no one has any objections to these updates I’ll submit a -06 rev with them.
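As an added illustration of the section 6 point referred to above (this is not code from the draft or from either author): for tls-alpn-01 against an "ip" identifier the SNI carries the in-addr.arpa / ip6.arpa reverse mapping of the address rather than an IP literal, so the CA that sends the ClientHello needs the mapping and the responder that selects a certificate needs its inverse. The function names and the responder's list of pending identifiers are assumptions made for the example.

```python
import ipaddress

# ALPN protocol that tls-alpn-01 negotiates (RFC 8737).
ACME_TLS_ALPN = "acme-tls/1"


def reverse_mapping_sni(ip: str) -> str:
    """SNI value for an "ip" identifier: the reverse-DNS name of the address
    (in-addr.arpa for IPv4, nibble-reversed ip6.arpa for IPv6)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa"
    nibbles = addr.exploded.replace(":", "")  # 32 zero-padded hex digits
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


def sni_to_ip(sni: str):
    """Inverse of reverse_mapping_sni. Returns None for anything that is not a
    well-formed reverse name (an IP literal, a hostname, wrong label count)."""
    name = sni.lower().rstrip(".")
    if name.endswith(".in-addr.arpa"):
        labels = name[: -len(".in-addr.arpa")].split(".")
        if len(labels) != 4:
            return None
        candidate = ".".join(reversed(labels))
    elif name.endswith(".ip6.arpa"):
        labels = name[: -len(".ip6.arpa")].split(".")
        if len(labels) != 32 or any(len(lab) != 1 for lab in labels):
            return None
        hexdigits = "".join(reversed(labels))
        candidate = ":".join(hexdigits[i:i + 4] for i in range(0, 32, 4))
    else:
        return None
    try:
        return ipaddress.ip_address(candidate)
    except ValueError:
        return None


def responder_lookup(sni: str, alpn_protocols, pending_identifiers):
    """Challenge-responder side (hypothetical helper): decide which pending "ip"
    identifier an incoming ClientHello targets, or None if it is not a
    tls-alpn-01 validation probe (wrong ALPN, or SNI that is not a reverse name)."""
    if ACME_TLS_ALPN not in alpn_protocols:
        return None
    addr = sni_to_ip(sni)
    if addr is None:
        return None
    pending = {ipaddress.ip_address(i) for i in pending_identifiers}
    return str(addr) if addr in pending else None
```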

> On Apr 16, 2019, at 10:42 AM, Roman Danyliw <rdd@cert.org> wrote:
> 
> Hi!
> 
> I'm picking up where ekr left off on draft-ietf-acme-ip.  I see that -05 addressed some of the feedback from:
> 
> https://mailarchive.ietf.org/arch/msg/acme/bGQtdDZ8i75t3dCt3EjPHxsGoG4
> 
> I have a few other items:
> 
> (1) A bit of clean-up is needed in the references:
> ** [FIPS180-4] [RFC4291] [RFC4648]  appear in the references but are not cited in the text
> ** [I-D.ietf-acme-acme] is now RFC8555
> 
> (2) Missing security considerations.  It appears that in pruning the text from -04 to -05, this required section was dropped.  Among other things, please include the clarity suggested here:
> 
> https://mailarchive.ietf.org/arch/msg/acme/j8peTskrxupK0AyJyJomS99iOqw
> 
> (3) Section 8.1 -- I recommend clearer language in the IANA considerations 8.1 by fully spelling out the registry names and ensure the registry column names align with this text:
> 
> OLD: Adds a new type to the Identifier list defined in Section 9.7.7 of [I-D.ietf-acme-acme] with the label "ip" and reference I-D.ietf-acme-ip.
> NEW: Adds a new type to the "ACME Identifier Types" registry defined in Section 9.7.7 of [RFC8555] with a Label "ip" and Reference to this draft.
> 
> (4) Section 8.2 - I think the intent of this IANA action is to have "ip" be an Identifier Type for the Labels "http-01" and "tls-alpn-01" in the "ACME Validation Methods" registry.  This text isn't clear to me on execution - is the text proposing (option #1) to modify the existing entry in the registry (my read of the text, but two identifier types don't seem to be supported in the RFC8555 text), or (option #2) to add another registry entry?  Is it:
> 
> (option #1) http-01, dns and ip
> 
> OR
> 
> (option #2) http-01, dns
> http-01, ip   
> 
> Regards,
> Roman