Re: [Acme] I-D Action: draft-ietf-acme-email-smime-10.txt
Fraser Tweedale <frase@frase.id.au> Thu, 12 November 2020 08:15 UTC
Return-Path: <frase@frase.id.au>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9D3DA3A10CC for <acme@ietfa.amsl.com>; Thu, 12 Nov 2020 00:15:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d9tx0m88YA5w for <acme@ietfa.amsl.com>; Thu, 12 Nov 2020 00:15:00 -0800 (PST)
Received: from mail16.tpgi.com.au (mail16.tpgi.com.au [203.12.160.231]) by ietfa.amsl.com (Postfix) with ESMTP id A72AA3A100F for <acme@ietf.org>; Thu, 12 Nov 2020 00:14:59 -0800 (PST)
X-TPG-Junk-Status: Message not scanned
X-TPG-Abuse: host=123-243-182-129.static.tpgi.com.au; ip=123.243.182.129; date=Thu, 12 Nov 2020 19:14:57 +1100
Received: from bacardi.hollandpark.frase.id.au (123-243-182-129.static.tpgi.com.au [123.243.182.129]) by mail16.tpgi.com.au (envelope-from frase@frase.id.au) (8.14.3/8.14.3) with ESMTP id 0AC8EsM7007623 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Thu, 12 Nov 2020 19:14:57 +1100
Received: from bacardi.hollandpark.frase.id.au (localhost [127.0.0.1]) by bacardi.hollandpark.frase.id.au (8.15.2/8.15.2) with ESMTPS id 0AC8EslD037732 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Thu, 12 Nov 2020 18:14:54 +1000 (EST) (envelope-from frase@frase.id.au)
Received: (from fraser@localhost) by bacardi.hollandpark.frase.id.au (8.15.2/8.15.2/Submit) id 0AC8ErB3037731; Thu, 12 Nov 2020 18:14:53 +1000 (EST) (envelope-from frase@frase.id.au)
X-Authentication-Warning: bacardi.hollandpark.frase.id.au: fraser set sender to frase@frase.id.au using -f
Date: Thu, 12 Nov 2020 18:14:53 +1000
From: Fraser Tweedale <frase@frase.id.au>
To: acme@ietf.org
Cc: Alexey Melnikov <alexey.melnikov@isode.com>
Message-ID: <20201112081453.GZ95535@bacardi.hollandpark.frase.id.au>
References: <160380657214.27888.3086590447019877950@ietfa.amsl.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <160380657214.27888.3086590447019877950@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/hJy0nMSM11Fjh_98VosMtrJP7hA>
Subject: Re: [Acme] I-D Action: draft-ietf-acme-email-smime-10.txt
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Nov 2020 08:15:02 -0000
Hello!
I have some issues with this proposal.
1. It does not adequately explain how the ACME client receives
token-part2. "Over HTTPS" is vague. Presumably it comes as a field
in the challenge object, e.g.
"challenges": [
{
"type": "email-reply-01",
"url": "https://example.com/acme/chall/prV_B7yEyA4",
"token-part2": "DGyRejmCefe7v4NfDGDKfA"
}
]
This needs to be fully specified in the document.
2. It is not stated whether, in addition to sending the response
email, the client also has to POST to the challenge URL as specified
in RFC 8555 Section 7.5.1 (e.g. to signal that the email has been
sent and the server should prepare to receive and process it).
I suggest explicitly requiring the client to POST to the challenge
URL to advise the server to prepare to receive and validate it.
This is what RFC 8555 implies a client should do, and facilitates
different approaches to server implementation.
3. What is the motivation for supporting both text/plain and
multipart/alternative in the body of the response email? This
complicates server implementations, but I can't think why it would
be needed. Please either explain why both options are needed,
otherwise could it be limited to text/plain?
Thank you,
Fraser Tweedale
- [Acme] I-D Action: draft-ietf-acme-email-smime-10… internet-drafts
- Re: [Acme] I-D Action: draft-ietf-acme-email-smim… Alexey Melnikov
- Re: [Acme] I-D Action: draft-ietf-acme-email-smim… Fraser Tweedale
- Re: [Acme] I-D Action: draft-ietf-acme-email-smim… Alexey Melnikov
- Re: [Acme] I-D Action: draft-ietf-acme-email-smim… Fraser Tweedale
- Re: [Acme] I-D Action: draft-ietf-acme-email-smim… Alexey Melnikov
- Re: [Acme] I-D Action: draft-ietf-acme-email-smim… Alexey Melnikov