Re: [Acme] [Technical Errata Reported] RFC8555 (5771)

Stefan Eissing <stefan@eissing.org> Wed, 03 July 2019 06:45 UTC

From: Stefan Eissing <stefan@eissing.org>
In-Reply-To: <c22adae2-1dae-b6b7-e76f-d6ed48a1369c@eff.org>
Date: Wed, 03 Jul 2019 08:45:40 +0200
Cc: acme@ietf.org
Message-Id: <703279E1-B4DB-4110-BEF8-49B8C1F6CEDB@eissing.org>
References: <20190702140400.527D3B81CB0@rfc-editor.org> <c22adae2-1dae-b6b7-e76f-d6ed48a1369c@eff.org>
To: Jacob Hoffman-Andrews <jsha@eff.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/iNY1fr0NQChL0JPUqZZjNxCGZHU>
Subject: Re: [Acme] [Technical Errata Reported] RFC8555 (5771)

+1

> On 02.07.2019 at 19:45, Jacob Hoffman-Andrews <jsha@eff.org> wrote:
> 
> I'm in favor of this change in spirit, but it's pretty substantive and will actually do the wrong thing with some existing deployments. For instance, https://acme-v02.api.letsencrypt.org/directory currently has:
> 
> Cache-Control: max-age=0, no-cache, no-store
> 
> Which under this language would require clients to refetch the directory before every request. Definitely Let's Encrypt should fix that, but given that RFCs are meant to reflect "rough consensus and running code," I'm reluctant to make such a potentially breaking change to running code in an errata. I also feel a little uneasy at adding a MUST that is currently violated by every implementation that exists.
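As an added illustration (not code from this thread or from any ACME implementation), the following Python sketch shows how a client that honors the directory's Cache-Control header would treat the Let's Encrypt value quoted above: any of no-store, no-cache or max-age=0 leaves no reuse window, so the directory is refetched before every request. The DEFAULT_TTL fallback for servers that send no usable hint is an assumption of this example, not something RFC 8555 specifies.

```python
"""Directory-freshness logic for an ACME client that honors Cache-Control."""
from typing import Dict, Optional

# Fallback when the server gives no usable freshness hint. This value is an
# assumption of the example; RFC 8555 does not prescribe one.
DEFAULT_TTL = 3600


def parse_cache_control(value: str) -> Dict[str, Optional[str]]:
    """Split a Cache-Control field into {directive: argument}, names lower-cased.

    Directives without '=' map to None; quoted arguments are unquoted.
    (Commas inside quoted strings are not handled; directory servers do not use them.)
    """
    directives: Dict[str, Optional[str]] = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, has_arg, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') if has_arg else None
    return directives


def directory_ttl(cache_control: Optional[str]) -> int:
    """Seconds a client may reuse a fetched directory without contacting the server.

    no-store and no-cache both force a fresh fetch (a simple client does no
    conditional revalidation), as does max-age=0, so the Let's Encrypt header
    quoted in the thread yields 0: refetch the directory before every request.
    """
    if cache_control is None:
        return DEFAULT_TTL
    directives = parse_cache_control(cache_control)
    if "no-store" in directives or "no-cache" in directives:
        return 0
    if "max-age" in directives:
        try:
            return max(0, int(directives["max-age"] or ""))
        except ValueError:
            return 0  # malformed or empty max-age: safest to treat the copy as stale
    return DEFAULT_TTL


def is_fresh(fetched_at: float, ttl: int, now: float) -> bool:
    """True while the cached directory may still be reused at time `now`."""
    return ttl > 0 and (now - fetched_at) < ttl
```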