IETF Logo Mail Archive

Re: [Acme] Renewal Information extension: Proposal to add an Explanation URL

Aaron Gable <aaron@letsencrypt.org> Mon, 14 February 2022 17:16 UTC

Return-Path: <aaron@letsencrypt.org>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 702B23A041C for <acme@ietfa.amsl.com>; Mon, 14 Feb 2022 09:16:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.675
X-Spam-Level:
X-Spam-Status: No, score=-2.675 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.576, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=letsencrypt.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mApHRndg9fKI for <acme@ietfa.amsl.com>; Mon, 14 Feb 2022 09:16:46 -0800 (PST)
Received: from mail-vk1-xa35.google.com (mail-vk1-xa35.google.com [IPv6:2607:f8b0:4864:20::a35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 484963A040A for <acme@ietf.org>; Mon, 14 Feb 2022 09:16:46 -0800 (PST)
Received: by mail-vk1-xa35.google.com with SMTP id j9so1238606vkj.1 for <acme@ietf.org>; Mon, 14 Feb 2022 09:16:46 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=letsencrypt.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=5dzQnpSVQLD8iKqLmrli1kT5vZ3gQm33V1uYvQ4JGL8=; b=HmYq6Q0g2fXRdgRlcDaRuYt+J8v1hcfyaBDuOnie4dSzt9hXnj0eKoHbIOYU473ali bxtz6jEsStgMlqyglI4eOk81EU9yhdrqW1nqxpJu4hACdXI930Z5BDEpaSiuuhmFZOxJ 1ewZEFjLYsnGZgheiN81UtNTZH7iZTJH6qQek=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=5dzQnpSVQLD8iKqLmrli1kT5vZ3gQm33V1uYvQ4JGL8=; b=QybztyfM4ML29lo7TV9i5thdA1y2H/Ds0Mp5h6BBLjzdHSQNx0VNWfCH873411YrhW nWfmjRldhN2dJGJFvdsAmKk6K30R42wuA1/amch+DIUgLHMia+aWKMxdQWdggKrCBXke ujtJVYO0lgJuIbRFQtythUyQNR7C2dz3Wp3Sncx91jM461VI8sPugCz6Faf5B99Uzei5 sUw7e231MbR2v+IGyzYHpvsHq/KTT43AGbX2GmMA5JPTRYhTaQa/Fr1amGTG9eMjVnoO rRD5F9EfBjQjuQPryRAaPBpLJ/GNhmN42WUnwUqLUM6dEI6MvKtypX+njgtIt0+NLJiV CzXg==
X-Gm-Message-State: AOAM531DdkETBHUhZvaLaluDi09Uh92+lRFwCbhNJzascSJ+qSYl0mLs OlMOe4I4L1r/073fhmmVhxwhuc2DwkApkgBCtGPxMw==
X-Google-Smtp-Source: ABdhPJwIBvbfd+KnutOSsRxZeaMLD2i3OnHuLnr9j1d1XdorXS4jE/ebxck6t+RCALN3l1rR2OaLxW3G46enpORD4lk=
X-Received: by 2002:a05:6122:a17:: with SMTP id 23mr180867vkn.3.1644859002648; Mon, 14 Feb 2022 09:16:42 -0800 (PST)
MIME-Version: 1.0
References: <CALrMbp_M74q=WE02vuF6Ey+YMe_E1VOmN9yHS4AdxwUPpX=y1w@mail.gmail.com> <26737.1644521475@localhost> <20220213053944.GC58590@kduck.mit.edu> <67E8BE96-7F15-4DE6-8DE9-B30288886926@eissing.org>
In-Reply-To: <67E8BE96-7F15-4DE6-8DE9-B30288886926@eissing.org>
From: Aaron Gable <aaron@letsencrypt.org>
Date: Mon, 14 Feb 2022 09:16:32 -0800
Message-ID: <CAEmnErfyZSW-1Co=X06-rZD_vokeADXTYpx9wUNFkZn-48BuGg@mail.gmail.com>
To: Stefan Eissing <stefan@eissing.org>
Cc: Benjamin Kaduk <kaduk@mit.edu>, Michael Richardson <mcr+ietf@sandelman.ca>, acme@ietf.org, "J.C. Jones" <ietf@insufficient.coffee>
Content-Type: multipart/alternative; boundary="0000000000008f12b505d7fd9486"
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/snGHVpBdop_TqhxrmfBvl6tS330>
Subject: Re: [Acme] Renewal Information extension: Proposal to add an Explanation URL
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Feb 2022 17:16:52 -0000

In fact, what BCP 18 has to say on the matter is:
> ...protocols are not subject to internationalization; text strings are.
So yes, the appropriate place for internationalization here would be at the
level of the site pointed at by the URI, not at the level of the URI itself.

Regardless, I like this proposal. It provides good value (especially for
certificate monitoring services) at very little cost (completely optional
for both server and client). It does feel a little odd to include something
directly in the protocol that is not actually intended for consumption by
most ACME clients (they're non-interactive, the most they're likely to do
is log it to a file their operator isn't going to look at anyway). But I
think it makes sense to recognize the reality of the current ecosystem.
ACME clients do one thing well -- renew certs. Cert monitors do one thing
well -- alert site operators when something unusual is happening. No reason
not to enable both.

Aaron

On Mon, Feb 14, 2022 at 1:17 AM Stefan Eissing <stefan@eissing.org> wrote:

>
>
> > Am 13.02.2022 um 06:39 schrieb Benjamin Kaduk <kaduk@mit.edu>:
> >
> > On Thu, Feb 10, 2022 at 02:31:15PM -0500, Michael Richardson wrote:
> >>
> >> J.C. Jones <ietf@insufficient.coffee> wrote:
> >>> Hence, I propose we add an optional field to the ARI response
> >>> structure, "explanationURL", which when populated should be presented
> >>> in any user-visible context (logging, alerting, etc) by the
> >>> ARI-compatible client. It would be up to the Certificate Authority to
> >>> ensure the URL presented appropriately translated information for the
> >>> operator, and the CA _should_ only provide the field if there was
> >>> something exceptional that warranted additional explanation or
> >>> context.
> >>
> >> Sounds good.
> >>
> >> If it's for human consumption, then it might need to be an array or
> dict,
> >> with per-language versions.
>
> Unnecessary. HTTP servers can redirect to language specific resources just
> fine. Let's not i18n the protocol urls, please.
>
> >
> > Yes, BCP 18 has a few things to say on this matter.
> >
> > -Ben
> >
> > _______________________________________________
> > Acme mailing list
> > Acme@ietf.org
> > https://www.ietf.org/mailman/listinfo/acme
>
> _______________________________________________
> Acme mailing list
> Acme@ietf.org
> https://www.ietf.org/mailman/listinfo/acme
>

v2.23.0 | Report a Bug | By Email