IETF Logo Mail Archive

[Acme] Re: Interactions between HTTPS RRs (rfc9460) and HTTP-01 DV

Erik Nygren <erik+ietf@nygren.org> Wed, 16 April 2025 18:42 UTC

Return-Path: <nygren@gmail.com>
X-Original-To: acme@mail2.ietf.org
Delivered-To: acme@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 01A591D37930 for <acme@mail2.ietf.org>; Wed, 16 Apr 2025 11:42:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -1.893
X-Spam-Level:
X-Spam-Status: No, score=-1.893 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ABVG95_MKmJf for <acme@mail2.ietf.org>; Wed, 16 Apr 2025 11:42:33 -0700 (PDT)
Received: from mail-lf1-f49.google.com (mail-lf1-f49.google.com [209.85.167.49]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id A6A0E1D37929 for <acme@ietf.org>; Wed, 16 Apr 2025 11:42:33 -0700 (PDT)
Received: by mail-lf1-f49.google.com with SMTP id 2adb3069b0e04-54993c68ba0so8741998e87.2 for <acme@ietf.org>; Wed, 16 Apr 2025 11:42:33 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1744828952; x=1745433752; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=DRhlrCghyPqmHAgHPS3eHHOB+OQ8k5r3xDzCL7R3+zs=; b=OFIjmeyTKhvsuE6BBJiNLFlCUKl8QlgZBC5ZWhWf5Tn+rdZ0u4/obdte/P6/tOLwuo v2QS3JWgY4l48a9fOVnWH9VFBGXS6iOVf5HGQUG8ZpDA6IzvCidT2lU1IS0q+Qgz+QXF /50+1j/0Z+tpHJzfsmvW7QZwwnfStGea/mkeLqy8zdhpj4xm4h29iqOFCtlOZniMUtNb qG3HGoJ5L3KU+Up5CmZaQIBMfmIc6bLR9pseVFCkDk6ODIxuA8veNbbrcttbfuLpnDdo Iqo3VByvk5PCW7ycP3OaGMA0+pf+wfy0nknWEQXTw5fRO+21zLWPqU5GoOemooAeF5Gp CZQg==
X-Forwarded-Encrypted: i=1; AJvYcCUuWtChQWjiYLafq48jjc92Lw/ZwnEJczk3lzAUt7ZXGI4K3eHgNuNpMkakC0hKPPQJ+TGe@ietf.org
X-Gm-Message-State: AOJu0YxYWXwCzmFlvRsjp5F9Kf1kBTTPAZDxe4JWaQrS3dbt1mBaRvoa odRU7pfrge9WoGZLj51VMteUN6bwHqgN2pxBazdFVLrCtMHYkbhPgroeOZ19NSkwXKPNQ4smiGz TFP/+UnCvSNEbdG+y0n+OOUVHuaE=
X-Gm-Gg: ASbGnctCbQDjNkQId7nGrUH5x4tLwmlpTcc6BeCqXVgW4+X1gGUjGsCeJXZvwfeCrfl KRM3HOUSRL0ELGc7/Bz8nxJA5+5UrEUFZimY/81zv5EqToQ+9OAahNIuJwqY7jqWIspYTUeEcIf HwsSXXlent/asSh1gh+wOSIfiKM0oe9EjdoRCw4heURXbP+TKas7hw0Rg=
X-Google-Smtp-Source: AGHT+IEEQtltrMTqQv73Bt4b3PrwLtZ0hD5OTSoyMtTOAna51v0tWJoJ2/hpCuk6JJdGLzaVDKKRDuEO66ay3IUKRV8=
X-Received: by 2002:a05:6512:3190:b0:545:6fa:bf5f with SMTP id 2adb3069b0e04-54d64a7b961mr769520e87.2.1744828951932; Wed, 16 Apr 2025 11:42:31 -0700 (PDT)
MIME-Version: 1.0
References: <CAKC-DJiDx7onEahH7KcYHykzf7iqGbOgjKD45BNHcE+AmHgoWg@mail.gmail.com> <22779.1744755025@obiwan.sandelman.ca> <CAKC-DJhaAiepBjTyANko7v5cq0WxtUYVBnOAoFnQnwx-_sZYCw@mail.gmail.com> <1dfc3e86-2f99-4f47-9f5e-e18dd58eb746@cs.tcd.ie> <CAKC-DJgNYOrj5ULiTrwZV0K8OummJ8opRfyJ=DVCYgMdiSoxEg@mail.gmail.com> <CAL02cgS5VAP1kiLgKKwKs4PzFg0_H6kFUxpSoqQ4uOV5+uejMA@mail.gmail.com> <CAKC-DJiwY_oDg63moYmPQbSSSz=ThXnc-h=Gc7b4JJhfX8VU0Q@mail.gmail.com> <Z__vC4BqjsdvOM7W@kduck.mit.edu> <11909.1744827094@obiwan.sandelman.ca> <CAL02cgRJ4LVDZWAH-JA=QM3J3qLaUGB7YZ8aHPtksvp-TPN+SQ@mail.gmail.com>
In-Reply-To: <CAL02cgRJ4LVDZWAH-JA=QM3J3qLaUGB7YZ8aHPtksvp-TPN+SQ@mail.gmail.com>
From: Erik Nygren <erik+ietf@nygren.org>
Date: Wed, 16 Apr 2025 14:42:16 -0400
X-Gm-Features: ATxdqUF26uU9FZovaIKzXpj-scrOc4RddOSvY_4-VJ46IkU-ra0Vhm2rtTmeSlo
Message-ID: <CAKC-DJhpU4OVP5JPH-43B7sQz-PSc9j_tBdh8VMORmCjKrW7=Q@mail.gmail.com>
To: Richard Barnes <rlb@ipv.sx>
Content-Type: multipart/alternative; boundary="000000000000dfb8c10632e9a56a"
Message-ID-Hash: QRIMDMK56AV7YG2TVPZT5ZUETW5EVTC2
X-Message-ID-Hash: QRIMDMK56AV7YG2TVPZT5ZUETW5EVTC2
X-MailFrom: nygren@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-acme.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Michael Richardson <mcr+ietf@sandelman.ca>, Benjamin Kaduk <kaduk@mit.edu>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, IETF ACME <acme@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Acme] Re: Interactions between HTTPS RRs (rfc9460) and HTTP-01 DV
List-Id: Automated Certificate Management Environment <acme.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/grqLwJdL7VKrD0_MSQoNXYeb69U>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Owner: <mailto:acme-owner@ietf.org>
List-Post: <mailto:acme@ietf.org>
List-Subscribe: <mailto:acme-join@ietf.org>
List-Unsubscribe: <mailto:acme-leave@ietf.org>

SGTM as well.

On Wed, Apr 16, 2025 at 2:30 PM Richard Barnes <rlb@ipv.sx> wrote:

> SGTM, also because it loses the parens.
>
> On Wed, Apr 16, 2025 at 2:11 PM Michael Richardson <mcr+ietf@sandelman.ca>
> wrote:
>
>>
>> Benjamin Kaduk <kaduk@mit.edu> wrote:
>>     > "The HTTP client MUST ignore the presence and content of any HTTPS
>> DNS RRs
>>     > [RFC 9460] for the domain name being verified.  This includes, but
>> is not
>>     > limited to, a requirement that the HTTP client MUST NOT apply the
>> strict
>>     > transport security behavior specified in Section 9.5 of [RFC9460]."
>>
>> Well worded.
>>
>> --
>> Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting
>> )
>>            Sandelman Software Works Inc, Ottawa and Worldwide
>>
>>
>>
>>
>>

v2.30.2 | Report a Bug | By Email | System Status