Re: [Acme] I-D Action: draft-ietf-acme-ari-03.txt

"Salz, Rich" <rsalz@akamai.com> Tue, 27 February 2024 14:30 UTC

From: "Salz, Rich" <rsalz@akamai.com>
To: Carl Wallace <carl@redhoundsoftware.com>, Aaron Gable <aaron@letsencrypt.org>
CC: "acme@ietf.org" <acme@ietf.org>
Thread-Topic: [Acme] I-D Action: draft-ietf-acme-ari-03.txt
Date: Tue, 27 Feb 2024 14:29:42 +0000
Message-ID: <76586E07-08EB-45A8-B462-A91920888DEE@akamai.com>
References: <170742607913.20668.4615074555122263660@ietfa.amsl.com> <D16919B8-E602-4DA0-AF0A-D02EC327F019@redhoundsoftware.com> <CAEmnEreT3MGMr7rEMDJf4D6dMyRt+AU0ySyPtby8b_t9ZheX7g@mail.gmail.com> <C4FC3915-A5C7-47D1-8326-41A3B90B5960@redhoundsoftware.com>
In-Reply-To: <C4FC3915-A5C7-47D1-8326-41A3B90B5960@redhoundsoftware.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/m_GbAGKfziRFuK3P-JZApEvKE4w>
Subject: Re: [Acme] I-D Action: draft-ietf-acme-ari-03.txt

[CW] I meant something like this (which also corrects a typo in the third word): “The unique identifier is constructed by concatenating the base64url-encoding (see Section 5 of [RFC4648]) of the bytes of the keyIdentifier field of the certificate's Authority Key Identifier (AKI) extension (see Section 4.2.1.1 of [RFC5280]), a literal period, and the base64url-encoding of the bytes of the DER encoding of the certificate's Serial Number (without the tag and length bytes).”

Or you could break it into multiple sentences:

The unique identifier is constructed by concatenating the base64url-encoding of the bytes of the keyIdentifier field of the certificate's Authority Key Identifier (AKI) extension, a literal period, and the base64url-encoding of the bytes of the DER encoding of the certificate's Serial Number (without the tag and length bytes). The encoding is defined in Section 5 of [RFC4648] and the AKI extension is defined in Section 4.2.1.1 of [RFC5280].
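The identifier construction discussed in this thread, carried out in Python as an added example (this is not code from the ARI draft, from the thread, or from any ACME implementation). It assumes the base64url alphabet of RFC 4648 Section 5 with the `=` padding omitted, as ACME uses elsewhere; the function names, the 20-byte sample keyIdentifier and the sample serial number 0x87654321 are all constructed for this example. The serial-number side is the part implementers get wrong: DER encodes a positive INTEGER whose top bit is set with a leading 0x00 content byte, and that byte stays in the identifier because only the tag and length bytes are dropped.

```python
import base64


def b64url(data: bytes) -> str:
    """RFC 4648 Section 5 base64url, with the trailing '=' padding stripped
    (the unpadded form ACME uses; assumed here, the text does not say)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def der_length(n: int) -> bytes:
    """DER length octets: short form below 0x80, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    octets = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(octets)]) + octets


def der_integer(value: int) -> bytes:
    """Full DER encoding (tag 0x02, length, content) of a non-negative INTEGER.
    Serial numbers are positive per RFC 5280 Section 4.1.2.2, so a value whose
    high bit is set gets a leading 0x00 content byte to keep the sign positive."""
    if value < 0:
        raise ValueError("certificate serial numbers must be non-negative")
    # (bit_length + 8) // 8 leaves room for the sign bit; value 0 encodes as one byte
    content = value.to_bytes((value.bit_length() + 8) // 8, "big")
    return b"\x02" + der_length(len(content)) + content


def integer_content(der: bytes) -> bytes:
    """Return the content octets of a DER INTEGER, i.e. the encoding
    'without the tag and length bytes' as the draft text puts it."""
    if len(der) < 2 or der[0] != 0x02:
        raise ValueError("not a DER INTEGER")
    first = der[1]
    if first < 0x80:                       # short-form length
        length, offset = first, 2
    else:                                  # long-form length
        n = first & 0x7F
        if n == 0 or len(der) < 2 + n:
            raise ValueError("malformed DER length")
        length = int.from_bytes(der[2:2 + n], "big")
        offset = 2 + n
    content = der[offset:offset + length]
    if len(content) != length or offset + length != len(der):
        raise ValueError("truncated or trailing bytes in DER INTEGER")
    return content


def ari_cert_id(aki_key_identifier: bytes, serial_der: bytes) -> str:
    """base64url(AKI keyIdentifier) '.' base64url(serial content octets)."""
    if not aki_key_identifier:
        # this example refuses an empty keyIdentifier; the text does not cover that case
        raise ValueError("AKI keyIdentifier is empty")
    return b64url(aki_key_identifier) + "." + b64url(integer_content(serial_der))


# Constructed sample inputs (not from any real certificate):
SAMPLE_AKI = bytes(range(20))            # a 20-byte keyIdentifier, values 0x00..0x13
SAMPLE_SERIAL = 0x87654321               # high bit set, so DER content is 00 87 65 43 21


def sample_cert_id() -> str:
    return ari_cert_id(SAMPLE_AKI, der_integer(SAMPLE_SERIAL))


if __name__ == "__main__":
    print(der_integer(SAMPLE_SERIAL).hex())   # 020500 87654321: tag, length, content
    print(sample_cert_id())
```

In a real client the two inputs come from the parsed certificate: the `keyIdentifier` octets of the AKI extension and the raw DER of the `serialNumber` field, with `integer_content` applied to the latter. A parser that hands back the serial as a Python integer must re-encode it with `der_integer` before stripping, otherwise the leading 0x00 byte is lost and the identifier will not match what the CA computes.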