Re: [Acme] [Editorial Errata Reported] RFC8823 (7508)

richard@zotrus.com Fri, 05 May 2023 14:29 UTC

From: richard@zotrus.com
To: 'Alexey Melnikov' <alexey.melnikov@isode.com>, 'RFC Errata System' <rfc-editor@rfc-editor.org>
Cc: acme@ietf.org
Date: Fri, 05 May 2023 22:29:17 +0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/kcHV2xcROTSWj5VLJUMZlF2TFZ4>

Hi Alexey,

I think this is not a solution, since all ACME RFCs use example.com for the ACME server; there is no need for RFC8823 to be an exception.

Best Regards,

Richard Wang

From: Alexey Melnikov <alexey.melnikov@isode.com> 
Sent: Friday, May 5, 2023 10:13 PM
To: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: richard@zotrus.com; acme@ietf.org
Subject: Re: [Acme] [Editorial Errata Reported] RFC8823 (7508)

 

Hi,

On 05/05/2023 01:01, RFC Errata System wrote:

The following errata report has been submitted for RFC8823,
"Extensions to Automatic Certificate Management Environment for End-User S/MIME Certificates".
 
--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid7508
 
--------------------------------------
Type: Editorial
Reported by: Richard Wang <richard@zotrus.com>
 
Section: 3.1 and 3.2
 
Original Text
-------------
Figure 1:
  Message-ID: <A2299BB.FF7788@example.org>
  From: acme-generator@example.org
  To: alexey@example.com
 
Figure 2:
   Message-ID: <111-22222-3333333@example.com>
   In-Reply-To: <A2299BB.FF7788@example.org>
   From: alexey@example.com
   To: acme-generator@example.org
 
Corrected Text
--------------
Figure 1:
  Message-ID: <A2299BB.FF7788@example.com>
  From: acme-generator@example.com
  To: alexey@example.org
 
Figure 2:
   Message-ID: <111-22222-3333333@example.org>
   In-Reply-To: <A2299BB.FF7788@example.com>
   From: alexey@example.org
   To: acme-generator@example.com

I generally agree that there is a problem that email messages in Sections 3.1 and 3.2 don't match the following challenge in Section 3:

    {
      "type": "email-reply-00",
      "url": "https://example.com/acme/chall/ABprV_B7yEyA4f",
      "from": "acme-challenge+2i211oi1204310@example.com",
      "token": "DGyRejmCefe7v4NfDGDKfA"
    }

However, I propose an alternative fix that might be smaller. I suggest changing the above challenge in Section 3:

OLD:

    {
      "type": "email-reply-00",
      "url": "https://example.com/acme/chall/ABprV_B7yEyA4f",
      "from": "acme-challenge+2i211oi1204310@example.com",
      "token": "DGyRejmCefe7v4NfDGDKfA"
    }

NEW:

    {
      "type": "email-reply-00",
      "url": "https://example.org/acme/chall/ABprV_B7yEyA4f",
      "from": "acme-challenge+2i211oi1204310@example.org",
      "token": "DGyRejmCefe7v4NfDGDKfA"
    }

After this change example.org would be the ACME server domain and example.com would be the user domain.

 

Best Regards,

Alexey

 
 
Notes
-----
According to RFC8555, the domain example.com is used for the ACME server, and example.org is used for the Client.
 
Instructions:
-------------
This erratum is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party  
can log in to change the status and edit the report, if necessary. 
 
--------------------------------------
RFC8823 (draft-ietf-acme-email-smime-14)
--------------------------------------
Title               : Extensions to Automatic Certificate Management Environment for End-User S/MIME Certificates
Publication Date    : April 2021
Author(s)           : A. Melnikov
Category            : INFORMATIONAL
Source              : Automated Certificate Management Environment
Area                : Security
Stream              : IETF
Verifying Party     : IESG
 