Re: [Acme] Want client-defined callback port
Phillip Hallam-Baker <phill@hallambaker.com> Thu, 23 April 2015 01:51 UTC
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Martin Thomson <martin.thomson@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/eDJVpmhWn_Wst4nDRcL6GbDRIvw>
Cc: Ted Hardie <ted.ietf@gmail.com>, Richard Barnes <rlb@ipv.sx>, "Salz, Rich" <rsalz@akamai.com>, "acme@ietf.org" <acme@ietf.org>, Bruce Gaya <gaya@apple.com>, Nico Williams <nico@cryptonector.com>
I think this discussion is getting way too deep into the weeds of policy. That isn't a concern IETF has generally taken a definitive stand on. If it had there would not have been the need to set up CABForum outside IETF.

As I see it the specification should allow:

* A mechanism for the client to indicate the proof(s) of DNS control it can provide.
* A mechanism for the service to indicate the proof(s) of DNS control it will accept.

Who offers and who chooses is something the protocol can make a decision on but it is probably best if a 'no' from the service is accompanied by a list of what is acceptable.

It is useful for IETF to provide security considerations on particular proofs but IETF cannot and should not choose. That is ultimately up to the people who write the path validation code and the data it consumes (including root lists). They bear the liability, unless they can figure out how to hand the hot potato to someone else.

Another reason to not make the choice in IETF is that this is not a once and for all decision. It is a decision that should be under constant review.