Re: [Acme] Éric Vyncke's No Objection on draft-ietf-acme-caa-06: (with COMMENT)

"Eric Vyncke (evyncke)" <evyncke@cisco.com> Mon, 20 May 2019 16:08 UTC

From: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
To: Hugo Landau <hlandau@devever.net>
CC: The IESG <iesg@ietf.org>, "draft-ietf-acme-caa@ietf.org" <draft-ietf-acme-caa@ietf.org>, Daniel McCarney <cpu@letsencrypt.org>, "acme-chairs@ietf.org" <acme-chairs@ietf.org>, "acme@ietf.org" <acme@ietf.org>
Date: Mon, 20 May 2019 16:07:45 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/hpneQlprRBr_Bbyy0zFTYx4wVOI>
List-Id: Automated Certificate Management Environment <acme.ietf.org>

Thank you very much Hugo for such a prompt reply!

-éric

On 20/05/2019, 17:09, "Hugo Landau" <hlandau@devever.net> wrote:

    > ----------------------------------------------------------------------
    > COMMENT:
    > ----------------------------------------------------------------------
    > 
    > Hugo, thank you for the work put into this document. Adding some examples was a
    > good idea.
    > 
    > I found it interesting that the security section represents roughly 50% of the
    > document ;-)
    > 
    > I have two comments and one nit. See below.
    > 
    > == COMMENTS ==
    > 
    > -- Section 2 --
    > 
    > Please use RFC 8174 boiler template for this section ;-)
    Done.
    
    > 
    > -- Section 3 --
    > 
    > The word 'applicable' is used but never strictly defined. If defined in another
    > document, please add a reference (perhaps in the section 2), else please define
    > it.
    Hm. Reworking this turned out to be tricky. The CAA RFC doesn't really
    provide much in terms of terminology to hang off of, here, and I don't
    want to duplicate large amounts of the CAA RFC into this RFC just to
    express the same concept.
    
    After some thinking about it, it felt to me like all possible rewordings
    of this paragraph that came to mind were more likely to give people the
    wrong idea than clarify matters. I think this paragraph is superfluous
    anyway, so I've removed it.
    
    > 
    > == NIT ==
    > 
    > -- abstract --
    > 
    > Expand CAA, CA in the abstract ?
    Done.
    
    I've also fixed a small bug I noticed, one of the examples hadn't been
    updated to reflect the switch from "non-acme" to a CA-specific prefix
    "ca-".
    
    You can view the changes here:
    
    <https://github.com/ietf-wg-acme/acme-caa/compare/draft-ietf-acme-caa-06...master>
    
    I'll roll up these changes into a new I-D barring any further comments
    in the next 24 hours.