[Acme] acme subdomains open items

"Owen Friel (ofriel)" <ofriel@cisco.com> Fri, 04 December 2020 07:22 UTC

From: "Owen Friel (ofriel)" <ofriel@cisco.com>
To: "acme@ietf.org" <acme@ietf.org>
Date: Fri, 04 Dec 2020 07:21:58 +0000
Message-ID: <CY4PR11MB168504F6D4CF495E8AE8F729DBF10@CY4PR11MB1685.namprd11.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/k2K0pDuJOkT05J7J0wXJE-SMPjM>
Subject: [Acme] acme subdomains open items
List-Id: Automated Certificate Management Environment <acme.ietf.org>

Hi all,

As recommended by the chairs at IETF109, I am bringing the two open items to the list for discussion. These were raised by Felipe and Ryan previously.

1: Does the client need a mechanism to indicate that they want to authorize a parent domain and not the explicit subdomain identifier? Or a mechanism to indicate that they are happy to authorize against a choice of identifiers?

E.g. for foo1.foo2.bar.example.com, should the client be able to specify anywhere from 1 to 4 identifiers they are willing to fulfil challenges for?

2: Does the server need a mechanism to provide a choice of identifiers to the client and let the client choose which challenge to fulfil?

E.g. for foo1.foo2.bar.example.com, should the server be able to specify anywhere from 1 to 4 identifiers that the client can pick from to fulfil?

Both 1 and 2 require JSON object definition changes. Currently, the document only defines how a client can submit a newOrder / newAuthz for a subdomain, and the server can choose any one parent identifier that it requires a challenge fulfilment on.

Owen

https://datatracker.ietf.org/meeting/109/materials/slides-109-acme-subdomains-01

https://tools.ietf.org/html/draft-friel-acme-subdomains-03#section-4
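The "1 to 4 identifiers" in the two open items above are the requested name and its ancestors, and whichever side gets to pick from them (client in item 1, server in item 2), the validator still has to decide which ancestors are acceptable at all. The following is an added example, not code from the draft or from this post: it enumerates the candidate identifiers for a name like foo1.foo2.bar.example.com, checks a proposed parent authorization against the request by DNS label rather than by string suffix, models the current draft's behaviour of the server choosing a single parent identifier, and builds the plain RFC 8555 newOrder payload that items 1 and 2 would extend. The public-suffix set and the helper names are constructed assumptions.

```python
"""Candidate identifiers for an ACME subdomain order.

Added example, not code from the draft or from the mailing-list post. It
assumes only the RFC 8555 newOrder "identifiers" object (type "dns") and a
constructed stand-in for the public suffix list; helper names are hypothetical.
"""
from __future__ import annotations

import json

# Constructed stand-in for the public suffix list. A server must never let a
# client authorize against one of these, because controlling one proves nothing
# about ownership of the names beneath it.
PUBLIC_SUFFIXES = {"com", "uk", "co.uk"}


def labels(name: str) -> list[str]:
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return name.lower().rstrip(".").split(".")


def candidate_identifiers(requested: str, suffixes=PUBLIC_SUFFIXES) -> list[str]:
    """Identifiers a challenge could be issued for, most specific first.

    For foo1.foo2.bar.example.com this yields the four names from the message:
    the subdomain itself and each ancestor down to, but excluding, a public
    suffix. This is the list items 1 and 2 would let a client or server pick from.
    """
    parts = labels(requested)
    out = []
    for i in range(len(parts)):
        candidate = ".".join(parts[i:])
        if candidate in suffixes or len(parts) - i < 2:
            break  # everything above this point is a public suffix as well
        out.append(candidate)
    return out


def is_authorized_parent(requested: str, authorized: str) -> bool:
    """Does an authorization for `authorized` legitimately cover `requested`?

    The comparison is label-based: "foo.example.com".endswith("ample.com") is
    True, yet "ample.com" is not an ancestor, so a string-suffix test would
    accept an authorization for an unrelated domain.
    """
    return ".".join(labels(authorized)) in candidate_identifiers(requested)


def server_choice(requested: str) -> str:
    """The single parent identifier the current draft lets the server choose.

    Policy here (constructed): prefer the shallowest acceptable ancestor, so one
    challenge covers the widest set of sibling subdomains.
    """
    candidates = candidate_identifiers(requested)
    if not candidates:
        raise ValueError(f"no authorizable identifier for {requested!r}")
    return candidates[-1]


def new_order_body(identifiers: list[str]) -> str:
    """RFC 8555 newOrder payload (before JWS signing) for DNS identifiers."""
    return json.dumps(
        {"identifiers": [{"type": "dns", "value": v} for v in identifiers]},
        separators=(",", ":"),
    )


if __name__ == "__main__":
    name = "foo1.foo2.bar.example.com"
    print("newOrder payload:", new_order_body([name]))
    for c in candidate_identifiers(name):
        print("could challenge:", c)
    print("server would pick:", server_choice(name))
```

Running the block prints the four candidates for foo1.foo2.bar.example.com and shows the server picking example.com; requesting a public suffix such as co.uk yields no candidates and is rejected outright. Whatever JSON shape the working group settles on for items 1 and 2, the server-side check that an offered or chosen identifier is a true label ancestor below the public-suffix floor is the part that should not change.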