Re: [Acme] Artart last call review of draft-ietf-acme-subdomains-04

"Owen Friel (ofriel)" <ofriel@cisco.com> Fri, 25 November 2022 18:40 UTC

From: "Owen Friel (ofriel)" <ofriel@cisco.com>
To: Carsten Bormann <cabo@tzi.org>, "art@ietf.org" <art@ietf.org>
CC: "acme@ietf.org" <acme@ietf.org>, "draft-ietf-acme-subdomains.all@ietf.org" <draft-ietf-acme-subdomains.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/n9yxwAKHdQKw3yqoP3u5eIplx28>

Thank you Carsten for the review and comments.

I created individual github issues for these comments and all other review comments of acme-subdomains at https://github.com/upros/acme-subdomains/issues

I have committed fixes and closed the associated issues for 6 of these 10 comments.

Michael is working on an update to address the security considerations comment: https://github.com/upros/acme-subdomains/issues/27

For the remaining three comments, please see inline below. I have proposed changes on github branches for these three, have raised PRs, but have not merged these onto master yet.

Thank you for https://github.com/upros/acme-subdomains/pull/14, this has now been merged onto master.

Regards,
Owen

-----Original Message-----
From: Carsten Bormann via Datatracker <noreply@ietf.org> 
Sent: Wednesday 23 November 2022 10:50
To: art@ietf.org
Cc: acme@ietf.org; draft-ietf-acme-subdomains.all@ietf.org; last-call@ietf.org
Subject: Artart last call review of draft-ietf-acme-subdomains-04

Reviewer: Carsten Bormann
Review result: Ready with Issues

Thank you for an easy-to-read document that is accessible even to readers who are not ACME experts.

# Minor technical

## "default value"

subdomainAuthAllowed is said to have a default value (value assumed if not included) of false, i.e., absence of the field implies the value to be false (except in metadata, which is a separate inconsistency that might surprise implementers).

However, in several places, the text seems to instruct the server to specifically include subdomainAuthAllowed with a value of false in certain cases, apparently turning this into a three-valued field (true, false, absent).

Which one is it?

(This could easily become an interoperability problem.)

[ofriel] I have attempted to remove the ambiguity. I have used the patterns and guidelines associated with RFC8555 wildcard usage to influence my choice of text here. I have also removed the default subdomainAuthAllowed inconsistency between authorization object (assume false if absent) and directory metadata (changed from no default to assume false if absent).

https://github.com/upros/acme-subdomains/commit/91ea76cd5fce242ea389506ba02267051386c054

# Major editorial

## terminology

### parent

The term "parent" is usually reserved for the direct ancestor (single edge in the graph).  What is defined here really is an "ancestor domain".  (Given the definition of subdomain that explicitly includes self, each domain also is its own parent domain; I'm not clear whether this is intended here.)

Unfortunately, this unusual terminology is now hard-coded in the names of fields added by this specification, so it is not a purely editorial decision to adjust the terminology to common usage.

[ofriel] This is blindingly obvious now that you have pointed this out. I have changed to use your recommended "ancestor domain" rather than "parent domain" terminology. I do not think it's that huge an issue having to change the parentDomain field in the newOrder identifiers payload to ancestorDomain, and have already started to code this up in my acmez client and pebble server golang implementations.

https://github.com/upros/acme-subdomains/pull/37/commits/96e2f14521f8356a12555507714ffa80b9cc7cfa

### subdomain

The definition of subdomain (of a domain given) appears to include the domain given.  This fine point might be lost on the reader; it can be surprising (subalpine definitely does not include alpine).
Several pieces of text sound like setting subdomainAuthAllowed to true only allows subdomains, which actually does not make a difference due to the subtlety of the meaning of subdomain.

[ofriel] Indeed, the definition of subdomain lifted from RFC8499 does appear to allow this interpretation. I think the key sentence in the definition is "A domain is a subdomain of another domain if it is contained within that domain." If the reader/implementor interprets *another* domain as implicitly meaning a *different* domain then a domain cannot be a subdomain of itself.

As a stop gap, I have proposed a clarifying explanation in acme-subdomains that does not change the RFC8499 definition, but states that for the purposes of this document a domain cannot be a subdomain of itself.

Otherwise we could end up in a paradoxical situation where a server creates an authorization object for an identifier and sets "subdomainAuthAllowed"=false, but if a domain is allowed to be a subdomain of itself, does this mean that the authorization is in fact not valid for itself??

https://github.com/upros/acme-subdomains/commit/50f29bd8c617efad0ba4bd56341624d67681b9a2

Does the RFC8499 definition need to be updated? What is IESG guidance here?
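
The two semantics discussed in this thread (an absent subdomainAuthAllowed read as false, and a domain not counting as a subdomain of itself) can be sketched as a client-side coverage check. This is an added example, not code from the draft, acmez or pebble; the `Authorization` type, `Covers` and `isStrictSubdomain` are hypothetical names and the JSON is constructed sample data.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Authorization (hypothetical type) holds only the fields used here. A plain
// bool makes an absent subdomainAuthAllowed and an explicit false decode to
// the same value, so there is no third "absent" state to interpret.
type Authorization struct {
	Identifier struct {
		Type  string `json:"type"`
		Value string `json:"value"`
	} `json:"identifier"`
	Status               string `json:"status"`
	SubdomainAuthAllowed bool   `json:"subdomainAuthAllowed,omitempty"`
}

// isStrictSubdomain: name is below ancestor on a label boundary, never equal.
func isStrictSubdomain(name, ancestor string) bool {
	name = strings.ToLower(strings.TrimSuffix(name, "."))
	ancestor = strings.ToLower(strings.TrimSuffix(ancestor, "."))
	return ancestor != "" && name != ancestor && strings.HasSuffix(name, "."+ancestor)
}

// Covers reports whether the authorization in raw can be used for name.
func Covers(raw []byte, name string) (bool, error) {
	var a Authorization
	if err := json.Unmarshal(raw, &a); err != nil {
		return false, err
	}
	if a.Status != "valid" || a.Identifier.Type != "dns" {
		return false, nil
	}
	if strings.EqualFold(strings.TrimSuffix(name, "."), strings.TrimSuffix(a.Identifier.Value, ".")) {
		return true, nil // the identifier itself is covered whatever the flag says
	}
	return a.SubdomainAuthAllowed && isStrictSubdomain(name, a.Identifier.Value), nil
}

func main() {
	// Constructed sample: the field is absent, so it is read as false.
	raw := []byte(`{"identifier":{"type":"dns","value":"example.org"},"status":"valid"}`)
	for _, n := range []string{"example.org", "sub.example.org", "badexample.org"} {
		ok, _ := Covers(raw, n)
		fmt.Println(n, ok)
	}
}
```

Because the exact-match case is decided before the flag is consulted, an authorization with subdomainAuthAllowed set to false or omitted stays valid for its own identifier, which avoids the paradox raised above.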