Re: [Acme] I-D Action: draft-ietf-acme-email-smime-05.txt
"Gerd v. Egidy" <gerd.von.egidy@intra2net.com> Mon, 15 July 2019 13:01 UTC
Return-Path: <gerd.von.egidy@intra2net.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2BAD412008B for <acme@ietfa.amsl.com>; Mon, 15 Jul 2019 06:01:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.198
X-Spam-Level:
X-Spam-Status: No, score=-4.198 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NGaGTDcIx--3 for <acme@ietfa.amsl.com>; Mon, 15 Jul 2019 06:01:52 -0700 (PDT)
Received: from rp02.intra2net.com (rp02.intra2net.com [62.75.181.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0F8F612004C for <acme@ietf.org>; Mon, 15 Jul 2019 06:01:51 -0700 (PDT)
Received: from mail.m.i2n (unknown [172.17.128.1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by rp02.intra2net.com (Postfix) with ESMTPS id 90C11100152; Mon, 15 Jul 2019 15:01:49 +0200 (CEST)
Received: from localhost (mail.m.i2n [127.0.0.1]) by localhost (Postfix) with ESMTP id 68071356; Mon, 15 Jul 2019 15:01:49 +0200 (CEST)
X-Virus-Scanned: by Intra2net Mail Security (AVE=8.3.54.60,VDF=8.16.18.180)
Received: from thunder.m.i2n (thunder.m.i2n [172.16.1.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: smtp-auth-user) by mail.m.i2n (Postfix) with ESMTPSA id 453FD272; Mon, 15 Jul 2019 15:01:38 +0200 (CEST)
From: "Gerd v. Egidy" <gerd.von.egidy@intra2net.com>
To: acme@ietf.org, Alexey Melnikov <alexey.melnikov@isode.com>
Date: Mon, 15 Jul 2019 15:01:38 +0200
Message-ID: <7748947.5WVZ9h9HFT@thunder.m.i2n>
Organization: Intra2net AG
In-Reply-To: <156260109884.927.16438195900063865237@ietfa.amsl.com>
References: <156260109884.927.16438195900063865237@ietfa.amsl.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/lBTURNGpRZxtvozKrkc6qWKUWlk>
Subject: Re: [Acme] I-D Action: draft-ietf-acme-email-smime-05.txt
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Jul 2019 13:01:54 -0000
Hi Alexey, thanks for continuing your work on the smime draft. > 1. Do we need to handle text/html or multipart/alternative in email > challenge? Simplicity suggests "no". However, for automated > processing it might be better to use at least multipart/mixed > with a special MIME type. hmm. I guess with "automated processing" you mean an acme client on the user side. How would a multipart/mixed with a special MIME type help implementing the client? The client just needs to detect the challenge email and extract <token-part1> from the Subject:-Header. What other data, that could be in the part with the special mime type, would help implementing such a client? An ACME CA might want to include multipart/alternative and text/html to present nicely formatted usage instructions to the user when the ACME client is not integrated into the MUA. Automated clients should not be confused by such messages. The same is true for the challenge response: When the user manully copies the response from his ACME client program into his regular MUA, the MUA may compose a multipart/alternative mail with text/ html and text/plain or even just text/html. Also some company disclaimers and so on could be added automatically. How about using something like in RFC 7468? -----BEGIN ACME RESPONSE----- LoqXcYV8q5ONbJQxbmR7SCTNo3tiAXDfowy jxAjEuX0.9jg46WB3rR_AHD-EBXdN7cBkH1WOu0tA3M9 fm21mqTI -----END ACME RESPONSE----- This would allow the ACME server to extract the relevant data from most of such emails by stripping all html tags and ignoring everything outside the BEGIN/END block. We also should not force the response email to use a subject of "Re: ACME: <token-part1>", just "<something>ACME: <token-part1>" because MUAs with non- english language settings may use something else than "Re:" to denote a reply. Kind regards, Gerd
- [Acme] I-D Action: draft-ietf-acme-email-smime-05… internet-drafts
- Re: [Acme] I-D Action: draft-ietf-acme-email-smim… A. Schulze
- Re: [Acme] I-D Action: draft-ietf-acme-email-smim… Gerd v. Egidy
- Re: [Acme] I-D Action: draft-ietf-acme-email-smim… Alexey Melnikov