Re: [Acme] [Errata Held for Document Update] RFC8555 (6843)

Deb Cooley <debcooley1@gmail.com> Mon, 15 January 2024 11:42 UTC


Given the discussion and lack of consensus, it is clear to me that 'hold for
update' is the right call for this erratum.

In addition, we need to keep our discussions polite on this list; there
will be no bullying here.  Items being brought up for discussion need to
have specific and concrete examples within scope.

Deb
ACME chair

On Mon, Jan 15, 2024 at 12:54 AM Rob Sayre <sayrer@gmail.com> wrote:

>
>
> On Sun, Jan 14, 2024 at 9:12 PM Aaron Gable <aaron@letsencrypt.org> wrote:
>
>> On Sun, Jan 14, 2024, 10:12 Rob Sayre <sayrer@gmail.com> wrote:
>>
>>> On Sun, Jan 14, 2024 at 3:01 AM Deb Cooley <debcooley1@gmail.com> wrote:
>>>
>>>> I had this marked as 'hold for update' (vs. 'verified').  I can't tell
>>>> from the discussion how you think we should be handling it.
>>>>
>>>
>>> The erratum says "the challenge must be initiated over HTTP, not
>>> HTTPS.", which is a little better than the current draft, in my opinion.
>>>
>>
>> To be clear, the document being discussed is not a draft, it's a full RFC
>> which was finalized five years ago.
>>
>
> That's twice now. Just stop with this stuff. Do you seriously think I
> don't understand IETF procedures?
>
>> While you're correct that HSTS preload lists (there are multiple) are not
>> just for browsers, they are just for the applications and platforms that
>> maintain them. ACME clients do not generally run on such platforms, they
>> usually run on server operating systems. They are under no obligation to
>> use any HSTS preload list (which are not part of the HSTS spec), if there
>> even was an obvious list for them to use.
>>
>
> Your protocol is insecure.
>
> thanks,
> Rob