Re: [Acme] [Technical Errata Reported] RFC8555 (5861)

Jacob Hoffman-Andrews <jsha@eff.org> Wed, 03 January 2024 20:28 UTC


This overspecifies things. When someone requests to create a new authorization object (or requests to create a new order object that would necessitate creation of new authorization objects), it is up to server policy whether to reuse an existing authorization or not. For instance, a server might have a policy of never reusing authorization objects (that is, doing validation from scratch every time), or it might have a policy of reusing only pending authorization objects, or only ones created in the last N hours or days.

So I think we should not accept this errata as it stands.
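
The reuse policies named in the message above, sketched as a server-side lookup that runs when a new order needs an authorization. This is an added example, not part of the original email or of RFC 8555; `ReusePolicy`, `Authz`, `find_reusable`, the 24-hour default window and the sample records are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import Iterable, Optional

class ReusePolicy(Enum):  # hypothetical names for the three example policies
    NEVER = 1             # validate from scratch every time
    PENDING_ONLY = 2      # reuse only authorizations not yet validated
    MAX_AGE = 3           # reuse only authorizations created within a window

@dataclass(frozen=True)
class Authz:
    url: str
    account: str
    identifier: str
    status: str           # RFC 8555 authorization status
    created: datetime
    expires: datetime

def find_reusable(existing: Iterable[Authz], account: str, identifier: str,
                  policy: ReusePolicy, now: datetime,
                  max_age: timedelta = timedelta(hours=24)) -> Optional[Authz]:
    """Return an authorization to attach to a new order, or None to create one."""
    if policy is ReusePolicy.NEVER:
        return None
    candidates = []
    for a in existing:
        if (a.account, a.identifier) != (account, identifier):
            continue  # never share authorizations across accounts or identifiers
        if a.status not in ("pending", "valid") or a.expires <= now:
            continue  # invalid, deactivated, expired and revoked are never reusable
        if policy is ReusePolicy.PENDING_ONLY and a.status != "pending":
            continue
        if policy is ReusePolicy.MAX_AGE and now - a.created > max_age:
            continue
        candidates.append(a)
    return max(candidates, key=lambda a: a.created, default=None)

# Constructed sample data (not from the thread).
NOW = datetime(2024, 1, 3, 20, 0, tzinfo=timezone.utc)
def _authz(n, account, status, age, ttl):
    return Authz(f"https://ca.example/authz/{n}", account, "example.org",
                 status, NOW - age, NOW + ttl)
EXISTING = [
    _authz(1, "acct-1", "valid", timedelta(hours=6), timedelta(days=30)),
    _authz(2, "acct-1", "pending", timedelta(days=3), timedelta(days=4)),
    _authz(3, "acct-2", "valid", timedelta(hours=1), timedelta(days=30)),
    _authz(4, "acct-1", "invalid", timedelta(minutes=30), timedelta(days=7)),
]
```

The same request returns a different authorization, or none, under each policy, so a client cannot assume which one it will get.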