Re: [Acme] Call for adoption of draft-aaron-acme-ari-02

Melinda Shore <melinda.shore@gmail.com> Sat, 18 June 2022 04:22 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/tFvoHy1wurEvVUtbrpI-VF-88Nk>

On 6/17/22 3:48 PM, Aaron Gable wrote:
> It's not my experience that RFCs in this space dedicate significant 
> space in their text to discussing alternative designs, but if others 
> would like to see a section like that added to the draft I'm happy to 
> oblige.

That discussion needs to take place on the mailing list, and
it may be that discussion leads to protocol changes (probably
more common than not), but I think a specification needs to be a
specification.

Anyway, LE is dealing with scaling issues that most of us don't
have to face, and I am unsurprised to see that reflected in
their proposals.  These issues may become more common as certificate
lifetimes continue to shrink and while I tend to (strongly) favor
avoiding complexity, sometimes it can't be avoided and in this case
I'm happy to see proposals that are going to be robust in the
face of changes in the PKI environment.

I support adoption of this document with the protocol proposal
it contains being used as a starting point for specification.
I'm happy to review but personally I don't plan to implement.

Melinda


-- 
Melinda Shore
melinda.shore@gmail.com

Software longa, hardware brevis