Re: [Acme] [Errata Held for Document Update] RFC8555 (6843)

Rob Sayre <sayrer@gmail.com> Sun, 14 January 2024 18:12 UTC

MIME-Version: 1.0
References: <CAChr6SypX6PN_00OQUzRbtyXeQYsuVeZeRjg9Xosk8uRTkzr2Q@mail.gmail.com> <CAEmnErfE=-HMKkf4MHUfYCLam0baWA+QnAA7tg_tREtPFvRhdQ@mail.gmail.com> <CAChr6SzGo-4RZ0TwfqcJhy4FzL53LmsWHpe9EmN5eN_GDhdLzw@mail.gmail.com> <CAOG=JU+YFE826M7aW_KJRXNw639QjvVgH4WryPJ++Xq+BGS+Uw@mail.gmail.com> <CAChr6Syg80PWYDBDA872gyUkPoVKWvr2zsRmOUs16mGawQPa6g@mail.gmail.com> <CAGgd1Oc2=yXQvw+0sLZ+q5FKeg8N7_jxC-MdjaV9pjsmCNaEow@mail.gmail.com>
In-Reply-To: <CAGgd1Oc2=yXQvw+0sLZ+q5FKeg8N7_jxC-MdjaV9pjsmCNaEow@mail.gmail.com>
From: Rob Sayre <sayrer@gmail.com>
Date: Sun, 14 Jan 2024 10:11:54 -0800
Message-ID: <CAChr6SwAYSn4eEVvnce7XR18G8KPixFG_BbHRKzSKMrkEv4Nig@mail.gmail.com>
To: Deb Cooley <debcooley1@gmail.com>
Cc: acme@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/uOrWNjFB928WPW3LgljOiMs1_pw>
Subject: Re: [Acme] [Errata Held for Document Update] RFC8555 (6843)
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>

On Sun, Jan 14, 2024 at 3:01 AM Deb Cooley <debcooley1@gmail.com> wrote:

> I had this marked as 'hold for update' (vs. 'verified').  I can't tell
> from the discussion how you think we should be handling it.
>

The erratum says "the challenge must be initiated over HTTP, not HTTPS",
which is a little better than the current draft, in my opinion.

But there are TLDs (.app, .dev, .bank, etc.) that are not supposed to be
contacted over clear text HTTP at all. There is also the HSTS preload list
for certain domains (this is a big list...).

Others have said this list is just for browsers, but that is not the case.
For example, the default networking stack on Apple operating systems
enforces HSTS policies.

So, my point is that the entire sentence might be wrong, and could need
more than a slight adjustment.

thanks,
Rob
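The interaction the message above describes, as an added example that is not part of the thread and not code from any ACME client or CA: a small HSTS preload matcher applied to the RFC 8555 section 8.3 HTTP-01 challenge URL. The preload entries are a constructed sample in the shape of Chromium's transport_security_state_static.json (name, mode, include_subdomains), not the real list, and the matching rule follows RFC 6797 includeSubDomains semantics; it is not a model of any particular platform's networking stack. Function and constant names are the example's own.

```python
"""HSTS preload matching applied to an ACME HTTP-01 challenge URL.

Added example; not code from the original thread or from any ACME
implementation. SAMPLE_PRELOAD_JSON is a constructed subset in the
shape of Chromium's transport_security_state_static.json; the real
list is far larger and must be taken from the Chromium source tree.
"""
import json
import re
from typing import Dict, Optional

# Constructed sample in the shape of Chromium's preload JSON, including the
# leading "//" comment lines that the real file carries.
SAMPLE_PRELOAD_JSON = """
// Constructed sample, not the real preload list.
{
  "entries": [
    { "name": "app",  "policy": "public-suffix", "mode": "force-https", "include_subdomains": true },
    { "name": "dev",  "policy": "public-suffix", "mode": "force-https", "include_subdomains": true },
    { "name": "bank", "policy": "public-suffix", "mode": "force-https", "include_subdomains": true },
    { "name": "example.org", "policy": "custom", "mode": "force-https", "include_subdomains": false }
  ]
}
"""

# RFC 8555 section 8.3: the token is base64url without padding.
TOKEN_RE = re.compile(r"^[A-Za-z0-9_-]+$")


def load_preload(text: str) -> Dict[str, bool]:
    """Strip '//' comment lines and return {name: include_subdomains}
    for every entry whose mode is force-https."""
    body = "\n".join(
        line for line in text.splitlines() if not line.lstrip().startswith("//")
    )
    data = json.loads(body)
    return {
        entry["name"].lower(): bool(entry.get("include_subdomains", False))
        for entry in data["entries"]
        if entry.get("mode") == "force-https"
    }


def hsts_preloaded(host: str, preload: Dict[str, bool]) -> Optional[str]:
    """Return the preload entry name that forces HTTPS for host, or None.

    An exact match always applies. A parent label (including a bare TLD
    such as 'app') applies only if its entry sets include_subdomains,
    which is the RFC 6797 includeSubDomains rule.
    """
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in preload and (i == 0 or preload[candidate]):
            return candidate
    return None


def http01_challenge_url(domain: str, token: str) -> str:
    """The RFC 8555 section 8.3 challenge URL: always http:// on port 80."""
    if not TOKEN_RE.match(token):
        raise ValueError("token must be base64url without padding")
    return f"http://{domain}/.well-known/acme-challenge/{token}"


def effective_url(url: str, preload: Dict[str, bool]) -> str:
    """What an HSTS-enforcing client would actually open for url.

    A cleartext http:// URL whose host is covered by a preload entry is
    upgraded to https:// before any connection is made; anything else is
    returned unchanged.
    """
    m = re.match(r"^http://([^/:]+)(.*)$", url)
    if not m:
        return url
    host, rest = m.group(1), m.group(2)
    if hsts_preloaded(host, preload) is not None:
        return f"https://{host}{rest}"
    return url


if __name__ == "__main__":
    preload = load_preload(SAMPLE_PRELOAD_JSON)
    for name in ("shop.example.dev", "www.example.org", "example.com"):
        url = http01_challenge_url(name, "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA")
        print(f"{url}\n  -> {effective_url(url, preload)}")
```

Run against a real copy of the Chromium file, the same matcher shows which validation targets a client that honours the preload list would never fetch over cleartext, which is the gap between "must be initiated over HTTP" and what such a client will actually do.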