Re: [Acme] Fwd: New Version Notification for draft-suchan-acme-onion-00.txt
Richard Barnes <rlb@ipv.sx> Wed, 11 May 2022 12:36 UTC
References: <165223464132.47931.4315903453826863737@ietfa.amsl.com> <6aa1a959-577f-953f-4f4d-303f872fc0f3@gmail.com>
In-Reply-To: <6aa1a959-577f-953f-4f4d-303f872fc0f3@gmail.com>
From: Richard Barnes <rlb@ipv.sx>
Date: Wed, 11 May 2022 08:36:35 -0400
Message-ID: <CAL02cgRKB-AmdhrHvxVf9t3sXHyOo0RCbYkqgqdm3j9+aVkh3A@mail.gmail.com>
To: Seo Suchan <tjtncks@gmail.com>
Cc: acme@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/oju9dsL6asoigPs3otvMy4GhMGM>
Subject: Re: [Acme] Fwd: New Version Notification for draft-suchan-acme-onion-00.txt
Yep, this is the right way to suggest a new draft! Thanks for writing this up.

One high-level comment on a quick skim: I don't think you need the new identifier type. Since .onion is a "legit" TLD [RFC7686], onion names are part of the DNS namespace. It's OK for CAs to have different policies for different domain names. Obviously the CABF requirements would require a CA to validate .onion names differently, but that's up to the CA's internal logic to choose different challenges. Note that they already need such logic, since a client can already send in a .onion name, and the CA shouldn't validate it like a normal name.

In general, it would be good to understand what extra work is really needed here. As you point out, http-01 and tls-alpn-01 work for onion names; is the new challenge type better in some way?

On Tue, May 10, 2022 at 10:18 PM Seo Suchan <tjtncks@gmail.com> wrote:
>
> I'm new to the RFC draft thing: is this the right way to suggest a new draft?
>
> In the appendix I made some questions. Copying them here:
>
> Should this be about onion addresses, or all kinds of alternative DNS systems?
>
> Should the identifier type and challenge type include or strip the -v3 tag from
> their names? If we include that, how about this doc name itself? http-01 and
> tls-alpn-01 over Tor will work as well for, like, onion address V2 or V12,
> but the CSR challenge may not. But it's reasonable to ask that the same identifier
> type should give the same set of challenges.
>
> Should this be as rigid as "complying with this will make a CA comply with the
> CA/B Baseline Requirements"?
>
> When typing an onion domain name, just the full onion v3 name itself with an example
> subdomain will exceed the RFC line limit, but using "..." doesn't seem right in the
> context of a domain name. Any alternative to express a truncated FQDN? Would
> "example.onion" work, while it wouldn't be a valid onion name?
>
> -------- forwarded message --------
> title: New Version Notification for draft-suchan-acme-onion-00.txt
> date: Tue, 10 May 2022 19:04:01 -0700
> sender: internet-drafts@ietf.org
> to: Seo Suchan <tjtncks@gmail.com>
>
> A new version of I-D, draft-suchan-acme-onion-00.txt
> has been successfully submitted by Seo Suchan and posted to the
> IETF repository.
>
> Name: draft-suchan-acme-onion
> Revision: 00
> Title: Automated Certificate Management Environment (ACME) Onion Identifier Validation Extension
> Document date: 2022-05-10
> Group: Individual Submission
> Pages: 7
> URL: https://www.ietf.org/archive/id/draft-suchan-acme-onion-00.txt
> Status: https://datatracker.ietf.org/doc/draft-suchan-acme-onion/
> Htmlized: https://datatracker.ietf.org/doc/html/draft-suchan-acme-onion
>
> Abstract:
> This document specifies identifiers and challenges required to enable
> the Automated Certificate Management Environment (ACME) to issue
> certificates for Tor Project's onion V3 addresses.
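Editor's added illustration of the point Richard makes above (example code, not from the draft, the thread, or any CA's implementation): a CA-side policy function that keeps the ordinary "dns" identifier type, recognizes .onion names inside it by syntax and checksum, and offers only the challenges that can be carried out against the service itself. The address derivation follows the Tor v3 onion-address format (base32 of pubkey || checksum || version, with a SHA3-256 checksum); the sample public key is constructed, the function names are this example's own, and treating leading labels as subdomains of the onion service is an assumption, not something the draft specifies.

```python
import base64
import hashlib
import hmac

ONION_VERSION = b"\x03"
B32_ALPHABET = set("abcdefghijklmnopqrstuvwxyz234567")

# Challenges an ordinary DNS name can use (RFC 8555 http-01 / dns-01, RFC 8737 tls-alpn-01).
DNS_CHALLENGES = ["http-01", "dns-01", "tls-alpn-01"]
# For .onion names the CA can only reach the host over Tor, so only the two challenges that
# run against the service itself are offered; dns-01 is left out because RFC 7686 resolvers
# never resolve .onion, so there is no TXT record to fetch. Performing the chosen challenge
# over Tor is outside this example.
ONION_CHALLENGES = ["http-01", "tls-alpn-01"]

# Constructed sample key for the demo, not a real onion service.
SAMPLE_PUBKEY = bytes(range(32))


def onion_checksum(pubkey: bytes) -> bytes:
    """First two bytes of SHA3-256(".onion checksum" || pubkey || version), per the Tor v3 spec."""
    return hashlib.sha3_256(b".onion checksum" + pubkey + ONION_VERSION).digest()[:2]


def make_onion_address(pubkey: bytes) -> str:
    """Derive a v3 onion address from a 32-byte Ed25519 public key (demo helper)."""
    if len(pubkey) != 32:
        raise ValueError("v3 onion public key must be 32 bytes")
    raw = pubkey + onion_checksum(pubkey) + ONION_VERSION  # 35 bytes -> 56 base32 chars, no padding
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"


def is_v3_onion(name: str) -> bool:
    """True if the registrable part of `name` is a well-formed v3 onion address.

    Leading labels (e.g. "www.") are treated as subdomains of the onion service;
    that handling is this example's assumption, not something the draft specifies.
    """
    labels = name.lower().rstrip(".").split(".")
    if len(labels) < 2 or labels[-1] != "onion":
        return False
    label = labels[-2]
    if len(label) != 56 or not set(label) <= B32_ALPHABET:
        return False
    raw = base64.b32decode(label.upper())
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:35]
    if version != ONION_VERSION:
        return False
    return hmac.compare_digest(checksum, onion_checksum(pubkey))


def challenges_for(identifier: dict) -> list:
    """CA-side policy: one "dns" identifier type, a different challenge set per name."""
    if identifier.get("type") != "dns":
        raise ValueError("unsupported identifier type: %r" % identifier.get("type"))
    value = identifier["value"]
    labels = value.lower().rstrip(".").split(".")
    if labels[-1] == "onion":
        # A client may submit any .onion name; reject anything that is not a real v3 address
        # up front (the CA would answer with an RFC 8555 rejectedIdentifier error).
        if not is_v3_onion(value):
            raise ValueError("malformed .onion name: %r" % value)
        return list(ONION_CHALLENGES)
    return list(DNS_CHALLENGES)


if __name__ == "__main__":
    addr = make_onion_address(SAMPLE_PUBKEY)
    print(addr, challenges_for({"type": "dns", "value": addr}))
    print("example.com", challenges_for({"type": "dns", "value": "example.com"}))
```

Running it prints the constructed onion address with the two challenges a CA could run over Tor, and example.com with all three; "example.onion" is rejected before any validation is attempted, which is the "CA shouldn't validate it like a normal name" logic from the message.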