IETF Logo Mail Archive

Re: [Acme] ACME breaking change: Most GETs become POSTs

Daniel McCarney <cpu@letsencrypt.org> Fri, 31 August 2018 19:33 UTC

Return-Path: <dmccarney@letsencrypt.org>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F1E4B130E1B for <acme@ietfa.amsl.com>; Fri, 31 Aug 2018 12:33:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.01
X-Spam-Level:
X-Spam-Status: No, score=-2.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=letsencrypt.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HzJK5_dTROQe for <acme@ietfa.amsl.com>; Fri, 31 Aug 2018 12:33:56 -0700 (PDT)
Received: from mail-io0-x243.google.com (mail-io0-x243.google.com [IPv6:2607:f8b0:4001:c06::243]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 10F6C124C04 for <acme@ietf.org>; Fri, 31 Aug 2018 12:33:56 -0700 (PDT)
Received: by mail-io0-x243.google.com with SMTP id e12-v6so11297524iok.12 for <acme@ietf.org>; Fri, 31 Aug 2018 12:33:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=letsencrypt.org; s=google; h=mime-version:reply-to:in-reply-to:references:from:date:message-id :subject:to:cc; bh=1HvBSpbmp+gGzFWo+6mdFx5gSBFsaaijvFkAJ7mqEAk=; b=gz5RdfOlPT9Sz36KjgnOx0IwRK9RJvzWO28qUCYavIZL5oydna/IOStE+dpLcoO+Ab PFU5ol02OVCqSqCfIzVnRNC1WYTB4Be/L1KJRTc8KV5ARTEOITXu1DSiR5mPCLn9cNox zq5IfCYwbj2iXb2csgnPexm/it+Sp8FtZLCTI=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:reply-to:in-reply-to:references :from:date:message-id:subject:to:cc; bh=1HvBSpbmp+gGzFWo+6mdFx5gSBFsaaijvFkAJ7mqEAk=; b=U9CNh1lV37VJMsBGU3F0Hh8c//FBTfxVFw49HJXAOMlxZCWgZEdtfjpH2JB+pTmcMs sA4JMQmUueYZ0YV18XacRdtUlOCqNEZWZ7BYKo54knZkyyoVNfl5w8YnButkMzFVO9Sp QBlQVwjX0KrPzL0F3NIQl5SnyT3lr3N0/QTIOVTI/jPKPXkRdoAXHGUE59Wi15dPZ4Tp jJMVCp74gq/Aj1XnzuzhNMJdSY2W332wOQIpYTOBAM6UbvpA7eCle0Pjq73/aNZXwxZE ktnFni7TqgV79ORZXwWoib20t8tStk6FmPePQYCLdGFDxwFtg27qBKFcc2NBGW43BorZ Zc0g==
X-Gm-Message-State: APzg51ALm6zuvk/BpAqhyg8EGJ8gqij22NLe8QL7G0ktPnGnUnSWKCFF FnwwptA+QmiTryQ9RcVYCuXtqP9sXm0QIHtoZbjeYA==
X-Google-Smtp-Source: ANB0VdbgPkfaiENpGrK/l3WpcPwcxszfjW68sbAG6nrdRNo2ZCWZCZqWmama/X8n+Ly+7vpLOI6/U7wWhwxGCQLwydE=
X-Received: by 2002:a6b:7308:: with SMTP id e8-v6mr13054973ioh.57.1535744035398; Fri, 31 Aug 2018 12:33:55 -0700 (PDT)
MIME-Version: 1.0
Reply-To: cpu@letsencrypt.org
Received: by 2002:a6b:20d2:0:0:0:0:0 with HTTP; Fri, 31 Aug 2018 12:33:54 -0700 (PDT)
In-Reply-To: <4404d740-504c-bba7-d30d-dff385bd1216@eff.org>
References: <c33184f3-4e64-b7ea-babb-d29e2307f1f3@eff.org> <2a889461-da9e-d3bd-e5a8-688eda61c614@eff.org> <51509028-1939-4851-8BB5-41F94FA146A1@felipegasper.com> <CAL02cgTLEMAMZQicNvXzQrRnGeemrUojmGe_8r=e_YZCNazdsQ@mail.gmail.com> <D171FC21-64FA-4438-AF45-520B5AFEEBF7@akamai.com> <CAL02cgQXx0fBUuxa8ivwTk09J5h8tWiNP8b+8taY8wPJxLypeA@mail.gmail.com> <4404d740-504c-bba7-d30d-dff385bd1216@eff.org>
From: Daniel McCarney <cpu@letsencrypt.org>
Date: Fri, 31 Aug 2018 15:33:54 -0400
Message-ID: <CAKnbcLgz0TFYbB6o6G5yW_jjvPqSMbVEVrK5ykZ2Q077eV0rAA@mail.gmail.com>
To: Jacob Hoffman-Andrews <jsha@eff.org>
Cc: Richard Barnes <rlb@ipv.sx>, "Salz, Rich" <rsalz@akamai.com>, IETF ACME <acme@ietf.org>, Felipe Gasper <felipe@felipegasper.com>
Content-Type: multipart/alternative; boundary="000000000000b23ca10574c0457a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/pPUaX5spfiHG1d_04rajrfKV2I4>
Subject: Re: [Acme] ACME breaking change: Most GETs become POSTs
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 31 Aug 2018 19:33:58 -0000

>
> In short, I think certificates should be POST-as-GET just like the other
> resources.


+1. If we're replacing the GETs to Orders, Authorizations and Challenges
there's no sense in excluding Certificates. I prefer the uniformity over
exceptions for use-cases that don't have strong real-world
use/implementations.

On Fri, Aug 31, 2018 at 3:30 PM, Jacob Hoffman-Andrews <jsha@eff.org> wrote:

> On 08/31/2018 07:25 AM, Richard Barnes wrote:
>
>> The problem with using POST-as-GET for certificate resources, as Felipe I
>> think pointed out, is that the thing that downloads the certificate URL is
>> often not an ACME player, doesn't have an account, etc.  It's a web server
>> or something. (cf. the STAR drafts.)  What I'm saying is that it's painful
>> to make them integrate with ACME and we don't get any benefit.
>>
> AFAIK, no current ACME client hands off certificate URLs to
> less-privileged processes.
>
> Keeping GETs for certificates undermines the goal of making the
> POST-as-GET change. Certificate resources may be constructed in enumerable
> ways, like:
>
> /account/100/certificate/3438
> /account/201/certificate/3439
> /account/100/certificate/3440*
>
> While many CAs may not consider correlation of certificates by account to
> be sensitive, our goal with this change is to eliminate a footgun for CAs
> who do consider it sensitive, by simply ensuring all requests are
> authenticated by default. Consistent authentication also has the potential
> to simplify by client and server libraries.
>
> I think it would be a mistake to carve out this exception in the main ACME
> spec for use cases that are still speculative. Instead, if there is a use
> case that truly requires unauthenticated certificate retrieval, it should
> be defined as an extension or an optional feature.
>
> In short, I think certificates should be POST-as-GET just like the other
> resources.
>
> *Note: I'm aware that certificate serial numbers must be randomized, but
> there is no requirement that the certificate serial number be present in
> the URL.
>
>
> _______________________________________________
> Acme mailing list
> Acme@ietf.org
> https://www.ietf.org/mailman/listinfo/acme
>

v2.23.0 | Report a Bug | By Email