IETF Logo Mail Archive

Re: [Acme] FW: New Version Notification for draft-friel-acme-subdomains-03.txt

"Salz, Rich" <rsalz@akamai.com> Tue, 02 February 2021 21:41 UTC

Return-Path: <rsalz@akamai.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AD5B33A0AF3; Tue, 2 Feb 2021 13:41:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.349
X-Spam-Level:
X-Spam-Status: No, score=-2.349 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.25, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 47ueYwaRRpgV; Tue, 2 Feb 2021 13:41:40 -0800 (PST)
Received: from mx0a-00190b01.pphosted.com (mx0a-00190b01.pphosted.com [IPv6:2620:100:9001:583::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6FA803A0AE8; Tue, 2 Feb 2021 13:41:40 -0800 (PST)
Received: from pps.filterd (m0050095.ppops.net [127.0.0.1]) by m0050095.ppops.net-00190b01. (8.16.0.43/8.16.0.43) with SMTP id 112LUVJC022078; Tue, 2 Feb 2021 21:41:39 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=jan2016.eng; bh=3clLELoMCB+7gdPtpF+9gzyKcuS7DdeKL2lnv7UuVp8=; b=GqoWq6Ajob+6J/rGXir3y9oTTzEACyiaxlIdc9yNGz8A+B+9FB/jhy2skCj2iTF+rPKJ /FM117srHQMLfsg4OyFsyAIt9we+VWSkiKWRgyHnViyCVNu+Mweqzg+Y0L1w6Eh4Wq5G lhvLoEBXKojrmu2TChyvAsf+X7NLWq3eoMrUjSfjyqyatSNU7ntHa9534TeoBPywtBWN vq76b4dcUXOrEgPC2kkiqAFFbFbbvc65nVx0dlp7ibOWgUHVYzJl5ZDsuRj5QxhKgrT7 LHRXtnjmFhepN/96hcBVxlMB1KLKwGBel0SLvta+4LBLbw/3D2Qev1hU37jXfCDYm7Gx GA==
Received: from prod-mail-ppoint8 (a72-247-45-34.deploy.static.akamaitechnologies.com [72.247.45.34] (may be forged)) by m0050095.ppops.net-00190b01. with ESMTP id 36f8dwdgb1-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 02 Feb 2021 21:41:39 +0000
Received: from pps.filterd (prod-mail-ppoint8.akamai.com [127.0.0.1]) by prod-mail-ppoint8.akamai.com (8.16.0.43/8.16.0.43) with SMTP id 112LaIGe009025; Tue, 2 Feb 2021 16:41:38 -0500
Received: from email.msg.corp.akamai.com ([172.27.165.118]) by prod-mail-ppoint8.akamai.com with ESMTP id 36d3p2ykra-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 02 Feb 2021 16:41:38 -0500
Received: from USTX2EX-DAG1MB1.msg.corp.akamai.com (172.27.165.119) by ustx2ex-dag1mb5.msg.corp.akamai.com (172.27.165.123) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Tue, 2 Feb 2021 15:41:37 -0600
Received: from USTX2EX-DAG1MB1.msg.corp.akamai.com ([172.27.165.119]) by ustx2ex-dag1mb1.msg.corp.akamai.com ([172.27.165.119]) with mapi id 15.00.1497.010; Tue, 2 Feb 2021 15:41:38 -0600
From: "Salz, Rich" <rsalz@akamai.com>
To: "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>, "Owen Friel (ofriel)" <ofriel=40cisco.com@dmarc.ietf.org>, IETF ACME <acme@ietf.org>
Thread-Topic: [Acme] FW: New Version Notification for draft-friel-acme-subdomains-03.txt
Thread-Index: AQHW6RQTUItdoLBrGEy9I5RaPRgD+6pFlvcA
Date: Tue, 02 Feb 2021 21:41:37 +0000
Message-ID: <81921864-56D2-41C5-A653-E21771054D4D@akamai.com>
References: <F6823387-8452-4FF5-8698-5E20C698E8AA@akamai.com>
In-Reply-To: <F6823387-8452-4FF5-8698-5E20C698E8AA@akamai.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.45.21011103
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.27.164.43]
Content-Type: text/plain; charset="utf-8"
Content-ID: <AFAFA9EA17D77746ABC6CF12E34C4456@akamai.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.369, 18.0.737 definitions=2021-02-02_12:2021-02-02, 2021-02-02 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 adultscore=0 suspectscore=0 spamscore=0 mlxscore=0 phishscore=0 malwarescore=0 bulkscore=0 mlxlogscore=999 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2009150000 definitions=main-2102020138
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.369, 18.0.737 definitions=2021-02-02_12:2021-02-02, 2021-02-02 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 clxscore=1015 priorityscore=1501 suspectscore=0 spamscore=0 mlxscore=0 phishscore=0 malwarescore=0 bulkscore=0 impostorscore=0 adultscore=0 mlxlogscore=999 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2009150000 definitions=main-2102020138
X-Agari-Authentication-Results: mx.akamai.com; spf=${SPFResult} (sender IP is 72.247.45.34) smtp.mailfrom=rsalz@akamai.com smtp.helo=prod-mail-ppoint8
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/fW3cdk4gofGieN1ZfE8nwNL3rHI>
Subject: Re: [Acme] FW: New Version Notification for draft-friel-acme-subdomains-03.txt
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Feb 2021 21:41:43 -0000

Do we have any views on these open issues?

Do we want to discuss at the virtual IETF next month?

On 1/12/21, 1:52 PM, "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org> wrote:

    Reposting this to see if we can close the two open issues.


    On 10/12/20, 4:25 AM, "Owen Friel (ofriel)" <ofriel=40cisco.com@dmarc.ietf.org> wrote:

        This new draft addresses the comments that were raised back in August by Russ.

        It also explicitly lists in the Open Items https://tools.ietf.org/html/draft-friel-acme-subdomains-03*section-4  the two main open items that have been raised by Felipe and Ryan:

        1. Does the client need a mechanism to indicate that they want to authz a parent domain and not the explicit subdomain identifier? Or a mechanism to indicate that they are happy to authz against a choice of identifiers? 

        2. Does the server need a mechanism to provide a choice of identifiers to the client and let the client chose which to fulfil?

        Both would require some JSON definition work. If we can't reach consensus on the mailer, we could discuss at IETF 109 Online.

        Cheers,
        Owen


        -----Original Message-----
        From: internet-drafts@ietf.org <internet-drafts@ietf.org> 
        Sent: 09 October 2020 18:35
        To: Richard Barnes <rlb@ipv.sx>; Tim Hollebeek <tim.hollebeek@digicert.com>; Owen Friel (ofriel) <ofriel@cisco.com>; Michael Richardson <mcr+ietf@sandelman.ca>
        Subject: New Version Notification for draft-friel-acme-subdomains-03.txt


        A new version of I-D, draft-friel-acme-subdomains-03.txt
        has been successfully submitted by Owen Friel and posted to the IETF repository.

        Name:		draft-friel-acme-subdomains
        Revision:	03
        Title:		ACME for Subdomains
        Document date:	2020-10-09
        Group:		Individual Submission
        Pages:		13
        URL:            https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_id_draft-2Dfriel-2Dacme-2Dsubdomains-2D03.txt&d=DwICAg&c=96ZbZZcaMF4w0F4jpN6LZg&r=4LM0GbR0h9Fvx86FtsKI-w&m=TvT7TDlUQ5gKnK6wZ-OXEwDofAYq7LINGqq4Q-XaRKU&s=BU6Y6_X7HUffuxdnapklOZeMRtGd0KkNPaAvb49LYKA&e= 
        Status:         https://urldefense.proofpoint.com/v2/url?u=https-3A__datatracker.ietf.org_doc_draft-2Dfriel-2Dacme-2Dsubdomains_&d=DwICAg&c=96ZbZZcaMF4w0F4jpN6LZg&r=4LM0GbR0h9Fvx86FtsKI-w&m=TvT7TDlUQ5gKnK6wZ-OXEwDofAYq7LINGqq4Q-XaRKU&s=nVKzeNyyg4s-D5rg2gvxxaqf3bhTy0szmVOHFSVe3pQ&e= 
        Htmlized:       https://urldefense.proofpoint.com/v2/url?u=https-3A__datatracker.ietf.org_doc_html_draft-2Dfriel-2Dacme-2Dsubdomains&d=DwICAg&c=96ZbZZcaMF4w0F4jpN6LZg&r=4LM0GbR0h9Fvx86FtsKI-w&m=TvT7TDlUQ5gKnK6wZ-OXEwDofAYq7LINGqq4Q-XaRKU&s=8Pobbb3L_ALZLAMgcmOGrA-gFJOU9BYqtf3W8wSukRQ&e= 
        Htmlized:       https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_draft-2Dfriel-2Dacme-2Dsubdomains-2D03&d=DwICAg&c=96ZbZZcaMF4w0F4jpN6LZg&r=4LM0GbR0h9Fvx86FtsKI-w&m=TvT7TDlUQ5gKnK6wZ-OXEwDofAYq7LINGqq4Q-XaRKU&s=c1L6LvA9uHzoce1HPiXM3fgOffVbmmoDhpzN_nu0cFE&e= 
        Diff:           https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_rfcdiff-3Furl2-3Ddraft-2Dfriel-2Dacme-2Dsubdomains-2D03&d=DwICAg&c=96ZbZZcaMF4w0F4jpN6LZg&r=4LM0GbR0h9Fvx86FtsKI-w&m=TvT7TDlUQ5gKnK6wZ-OXEwDofAYq7LINGqq4Q-XaRKU&s=iG7_buccTRbxl6J5pk_IvqgfgdIUPJH3J1GmYZ9bKaY&e= 

        Abstract:
           This document outlines how ACME can be used by a client to obtain a
           certificate for a subdomain identifier from a certification
           authority.  The client has fulfilled a challenge against a parent
           domain but does not need to fulfil a challenge against the explicit
           subdomain as certificate policy allows issuance of the subdomain
           certificate without explicit subdomain ownership proof.




        Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

        The IETF Secretariat


        _______________________________________________
        Acme mailing list
        Acme@ietf.org
        https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_acme&d=DwICAg&c=96ZbZZcaMF4w0F4jpN6LZg&r=4LM0GbR0h9Fvx86FtsKI-w&m=TvT7TDlUQ5gKnK6wZ-OXEwDofAYq7LINGqq4Q-XaRKU&s=ohK3nmt-JwvlYhgDVOMz6y80hA19HWsBGFGonK7XlHI&e= 

    _______________________________________________
    Acme mailing list
    Acme@ietf.org
    https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/acme__;!!GjvTz_vk!FkL4sCRJs_l1txVztBHqrQINVbEI5NFif9mE6ZxlLobD1uLAcDN5jzUKPDVv$

v2.23.0 | Report a Bug | By Email