Re: [Acme] ARI: Indication if certificate will be revoked

Aaron Gable <aaron@letsencrypt.org> Wed, 22 March 2023 21:17 UTC

References: <20230322103538.975d953c92be1463f2347a4e@andrewayer.name> <DM6PR14MB2186F5867BDDAB1394F2A23492869@DM6PR14MB2186.namprd14.prod.outlook.com> <20230322163024.d6274767c10df709d7293171@andrewayer.name>
In-Reply-To: <20230322163024.d6274767c10df709d7293171@andrewayer.name>
From: Aaron Gable <aaron@letsencrypt.org>
Date: Wed, 22 Mar 2023 14:16:40 -0700
Message-ID: <CAEmnEreSnwWZXCS84AnwbHrsxsDPnt=6c0DCzyioV+ARapBnsw@mail.gmail.com>
To: Andrew Ayer <agwa@andrewayer.name>
Cc: Corey Bonnell <Corey.Bonnell=40digicert.com@dmarc.ietf.org>, "acme@ietf.org" <acme@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/vekMxHpuyIAgCtTm9HBKgx9XPzg>

I'm not totally sold on the utility of including extra information in the
ARI response, if that extra information will not modify client behavior. If
the purpose is to modify human behavior, then I believe the current
explanationURL is sufficient. Adding a machine-readable problem document
that would only be read by machines that are not part of the ACME
client/server relationship feels odd to me.

Aaron

On Wed, Mar 22, 2023 at 1:31 PM Andrew Ayer <agwa@andrewayer.name> wrote:

> Hi Corey,
>
> On Wed, 22 Mar 2023 17:55:59 +0000
> Corey Bonnell <Corey.Bonnell=40digicert.com@dmarc.ietf.org> wrote:
>
> > Hi Andrew,
> > Is the purpose of the "revocationTime" field such that ACME client
> > behavior would be different than the recommended replacement
> > time-selection algorithm in section 4.1, or is it to provide richer
> > metadata about the pending replacement window that is potentially
> > human or machine-readable?
>
> It is the latter - to provide richer metadata about why the window is
> what it is.  ACME client behavior would not be affected.
>
> > If the latter, I'm wondering if we could consider defining a RFC
> > 7807-style "problem document" format that would provide fuller
> > information that is both human- and machine-readable. The
> > "explanationURL" field as it currently exists in the draft might be
> > useful for conveying human-readable information, but defining a
> > fuller representation of replacement-related metadata would also
> > allow machine-readable information to be conveyed.
>
> That could potentially be useful.  Do you have any other information in
> mind that would be included?
>
> Regards,
> Andrew
>
> _______________________________________________
> Acme mailing list
> Acme@ietf.org
> https://www.ietf.org/mailman/listinfo/acme
>
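The thread turns on whether extra fields such as a proposed "revocationTime" (or a problem document) would change what an ACME client does with an ARI response. The following is an added example, not code from the thread, from Let's Encrypt, or from any ACME client: it parses an ARI response in the shape the draft defines (a "suggestedWindow" with RFC 3339 "start"/"end" and an optional "explanationURL"), applies the replacement-time selection steps from section 4.1 of the draft, and carries any unknown field (here the hypothetical "revocationTime") through as opaque metadata so it never influences scheduling. The sample response and the explanation URL are constructed placeholders; the "can_schedule_exact" flag is an assumption standing in for whether the client can wake at an arbitrary instant.

```python
"""ARI response handling: window selection is driven only by suggestedWindow.

Added example (not code from the thread or any ACME client). The response
shape follows the ARI draft; "revocationTime" is the field proposed in the
thread and is treated here as informational metadata only.
"""
import json
import random
from datetime import datetime, timedelta, timezone
from typing import Optional, Tuple

# Constructed sample response, not captured from a real CA. The URL is a placeholder.
SAMPLE_ARI_RESPONSE = json.dumps({
    "suggestedWindow": {
        "start": "2023-03-24T00:00:00Z",
        "end": "2023-03-26T00:00:00Z",
    },
    "explanationURL": "https://example.com/ari-explanation",  # placeholder
    "revocationTime": "2023-03-27T00:00:00Z",                  # hypothetical field
})

KNOWN_FIELDS = {"suggestedWindow", "explanationURL"}


def _parse_rfc3339(s: str) -> datetime:
    """Parse an RFC 3339 timestamp into an aware UTC datetime."""
    if s.endswith("Z"):            # fromisoformat() before 3.11 rejects a trailing Z
        s = s[:-1] + "+00:00"
    dt = datetime.fromisoformat(s)
    if dt.tzinfo is None:
        raise ValueError("ARI timestamps must carry a UTC offset")
    return dt.astimezone(timezone.utc)


def parse_ari(body: str) -> dict:
    """Return the suggested window plus metadata; unknown keys are kept but never acted on."""
    doc = json.loads(body)
    window = doc["suggestedWindow"]
    start = _parse_rfc3339(window["start"])
    end = _parse_rfc3339(window["end"])
    if end < start:
        raise ValueError("suggestedWindow end precedes start")
    return {
        "start": start,
        "end": end,
        "explanationURL": doc.get("explanationURL"),  # for humans, not for scheduling
        "extra": {k: v for k, v in doc.items() if k not in KNOWN_FIELDS},
    }


def choose_renewal_time(start: datetime, end: datetime, rng: random.Random) -> datetime:
    """Section 4.1 step 1: a uniformly random instant inside the suggested window."""
    span = (end - start).total_seconds()
    return start + timedelta(seconds=rng.uniform(0, span))


def decide(info: dict, now: datetime, next_wake: datetime,
           can_schedule_exact: bool = True,
           rng: Optional[random.Random] = None) -> Tuple[str, datetime]:
    """Apply the section 4.1 selection steps.

    Returns one of:
      ("renew_now", now)        selected time already passed, or falls before next wake
      ("renew_at", selected)    client can schedule itself at the selected instant
      ("sleep", next_wake)      wake at the normal time, re-fetch ARI, and start over
    Only info["start"]/info["end"] are consulted; info["extra"] is ignored by design.
    """
    rng = rng or random.Random()
    selected = choose_renewal_time(info["start"], info["end"], rng)
    if selected <= now:
        return ("renew_now", now)
    if can_schedule_exact:
        return ("renew_at", selected)
    if selected < next_wake:
        return ("renew_now", now)
    return ("sleep", next_wake)


if __name__ == "__main__":
    info = parse_ari(SAMPLE_ARI_RESPONSE)
    print("ignored metadata:", info["extra"])
    print(decide(info, datetime(2023, 3, 23, tzinfo=timezone.utc),
                 datetime(2023, 3, 23, 12, tzinfo=timezone.utc)))
```

The point the example makes concrete: stripping "revocationTime" from the response and re-running `decide` with the same seed yields the identical decision, which is the "would not modify client behavior" property under discussion; whatever richer metadata a CA attaches, a client that follows the draft's algorithm only reads the window.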