Re: [Acme] [Technical Errata Reported] RFC8555 (6030)
Benjamin Kaduk <kaduk@mit.edu> Wed, 01 April 2020 00:11 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 493E63A0DE8 for <acme@ietfa.amsl.com>; Tue, 31 Mar 2020 17:11:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.001
X-Spam-Level:
X-Spam-Status: No, score=0.001 tagged_above=-999 required=5 tests=[SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ouDXq8GLMUrA for <acme@ietfa.amsl.com>; Tue, 31 Mar 2020 17:11:36 -0700 (PDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4A4DD3A0DE7 for <acme@ietf.org>; Tue, 31 Mar 2020 17:11:36 -0700 (PDT)
Received: from kduck.mit.edu ([24.16.140.251]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 0310BKiS030576 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Mar 2020 20:11:22 -0400
Date: Tue, 31 Mar 2020 17:11:19 -0700
From: Benjamin Kaduk <kaduk@mit.edu>
To: Roland Shoemaker <roland@letsencrypt.org>
Cc: RFC Errata System <rfc-editor@rfc-editor.org>, Richard Barnes <rlb@ipv.sx>, Jacob Hoffman-Andrews <jsha@eff.org>, Daniel McCarney <cpu@letsencrypt.org>, James Kasten <jdkasten@umich.edu>, Roman Danyliw <rdd@cert.org>, "Salz, Rich" <rsalz@akamai.com>, Yoav Nir <ynir.ietf@gmail.com>, mp+ietf@hezmatt.org, IETF ACME <acme@ietf.org>
Message-ID: <20200401001119.GV50174@kduck.mit.edu>
References: <20200325222557.82D38F406F7@rfc-editor.org> <CAF1ySfHbh8JdBVev4PoZ8qYFiBAJETJigjchBK7etE7trM9_0A@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CAF1ySfHbh8JdBVev4PoZ8qYFiBAJETJigjchBK7etE7trM9_0A@mail.gmail.com>
User-Agent: Mutt/1.12.1 (2019-06-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/qXgBFeI05V0_xqtTomyTXqJrdGs>
X-Mailman-Approved-At: Tue, 31 Mar 2020 17:13:06 -0700
Subject: Re: [Acme] [Technical Errata Reported] RFC8555 (6030)
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Apr 2020 00:11:38 -0000
That does seem quite likely, thanks for pointing it out, Roland. With respect to the report itself (noting that the proposed change is from "200 (OK)" to "204 (No Content)"), I note that the response status code is not considered to be a "header field" and so the quoted text from RFC 7231 does not seem to directly apply. Since HEAD is defined to not return any body content, 204 does not convey any additional information, and 200 in fact seems to be conventional. While, I'm happy to ask for more discussion/confirmation on the httpbis WG list if requested, it seems likely that this report is destined for status "Rejected". Does anyone disagree? Thanks, Ben On Wed, Mar 25, 2020 at 09:03:23PM -0700, Roland Shoemaker wrote: > To save people some confusion, I think the reporter is referring to RFC > 7231 (Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content) rather > than 7321 (Cryptographic Algorithm Implementation Requirements and Usage > Guidance). > > On Wed, Mar 25, 2020 at 3:44 PM RFC Errata System <rfc-editor@rfc-editor.org> > wrote: > > > The following errata report has been submitted for RFC8555, > > "Automatic Certificate Management Environment (ACME)". > > > > -------------------------------------- > > You may review the report below and at: > > https://www.rfc-editor.org/errata/eid6030 > > > > -------------------------------------- > > Type: Technical > > Reported by: Matt Palmer <mp+ietf@hezmatt.org> > > > > Section: 7.2 > > > > Original Text > > ------------- > > To get a fresh nonce, the client sends a HEAD request to the newNonce > > resource on the server. The server's response MUST include a Replay- > > Nonce header field containing a fresh nonce and SHOULD have status > > code 200 (OK). The server MUST also respond to GET requests for this > > resource, returning an empty body (while still providing a Replay- > > Nonce header) with a status code of 204 (No Content). > > > > Corrected Text > > -------------- > > To get a fresh nonce, the client sends a HEAD request to the newNonce > > resource on the server. The server's response MUST include a Replay- > > Nonce header field containing a fresh nonce and SHOULD have status > > code 204 (No Content). The server MUST also respond to GET requests for > > this > > resource, returning an empty body (while still providing a Replay- > > Nonce header) with a status code of 204 (No Content). > > > > Notes > > ----- > > RFC7321 s4.3.2, says "The server SHOULD send the same header fields in > > response to a HEAD request as it would have sent if the request had been a > > GET". I can't see any rationale for violating this SHOULD in the > > discussion in the GH issue which introduced the discrepancy in response > > code between GET and HEAD (https://github.com/ietf-wg-acme/acme/pull/371), > > thus (IMHO) it violates the tenets of a SHOULD, as "the full implications" > > do not appear to have "be[en] understood and carefully weighed before > > choosing a different course" (RFC2119, of course). > > > > Instructions: > > ------------- > > This erratum is currently posted as "Reported". If necessary, please > > use "Reply All" to discuss whether it should be verified or > > rejected. When a decision is reached, the verifying party > > can log in to change the status and edit the report, if necessary. > > > > -------------------------------------- > > RFC8555 (draft-ietf-acme-acme-18) > > -------------------------------------- > > Title : Automatic Certificate Management Environment (ACME) > > Publication Date : March 2019 > > Author(s) : R. Barnes, J. Hoffman-Andrews, D. McCarney, J. Kasten > > Category : PROPOSED STANDARD > > Source : Automated Certificate Management Environment > > Area : Security > > Stream : IETF > > Verifying Party : IESG > > > > _______________________________________________ > > Acme mailing list > > Acme@ietf.org > > https://www.ietf.org/mailman/listinfo/acme > >
- [Acme] [Technical Errata Reported] RFC8555 (6030) RFC Errata System
- Re: [Acme] [Technical Errata Reported] RFC8555 (6… Roland Shoemaker
- Re: [Acme] [Technical Errata Reported] RFC8555 (6… Benjamin Kaduk