Re: [lamps] CAA tags
Tim Hollebeek <tim.hollebeek@digicert.com> Tue, 19 December 2017 21:54 UTC
From: Tim Hollebeek <tim.hollebeek@digicert.com>
To: Ryan Sleevi <ryan-ietf@sleevi.com>
CC: Jacob Hoffman-Andrews <jsha@eff.org>, "spasm@ietf.org" <spasm@ietf.org>
Date: Tue, 19 Dec 2017 21:54:30 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/17LEaVnYPbbrGahN1twWa_bXqgs>
Yup. That’s why I’m not writing a spec right now. I’m always open to reasonable feedback on anything that makes my proposals better. I rarely get things entirely right the first time!

-Tim

From: Ryan Sleevi [mailto:ryan-ietf@sleevi.com]
Sent: Tuesday, December 19, 2017 12:16 PM
To: Tim Hollebeek <tim.hollebeek@digicert.com>
Cc: Ryan Sleevi <ryan-ietf@sleevi.com>; Jacob Hoffman-Andrews <jsha@eff.org>; spasm@ietf.org
Subject: Re: [lamps] CAA tags

Thanks for clarifying. From your original e-mail, it wasn't clear if you were taking a particular position on the property tags vs parameters, and/or what considerations fed into such discussions. That's where having the problem statement (or 'explainer', as it's called in some SDO circles) and use cases is useful to explore these tradeoffs :)

On Tue, Dec 19, 2017 at 9:50 AM, Tim Hollebeek <tim.hollebeek@digicert.com> wrote:

As I noted in the preface to my initial email in this thread [1], one other person has pointed out the same thing to me. I noted that not only is this an option, but it solves two problems with the original proposal, so I’m personally leaning towards it. We’ll see what other CAs think.

That is, why is the set of policy not

CAA issue 0 "example.com"
CAA issue 0 "example.net"
CAA validation 128 "type=EV method=1,2,3,4"

On Mon, Dec 18, 2017 at 12:41 PM, Tim Hollebeek <tim.hollebeek@digicert.com> wrote:

Note that it has been privately pointed out to me that one possible solution to the criticality problem and the scaling problem is to use top-level tags that are independent of the issue records:

CAA 0 issue "a.example.com"
CAA 0 issue "b.example.com"
CAA 128 validation "Phone"
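The following Python example is added here and is not part of the original thread or of any CA's code. It evaluates the last record set quoted above the way RFC 6844 treats the issuer-critical flag (128): a CA that does not understand the proposed "validation" tag must refuse to issue, while a CA that does understand it can enforce it independently of the issue records. The function names are hypothetical, and the meaning given to the "validation" value (one permitted method name per record) is an assumption, since the thread does not define it.

```python
import re

CRITICAL = 0x80  # issuer-critical flag bit from RFC 6844
RFC6844_TAGS = {"issue", "issuewild", "iodef"}

# Constructed sample: the record set from the thread, with plain ASCII quotes.
# "validation" is the tag proposed in the thread, not a registered CAA tag.
SAMPLE_RRSET = """
CAA 0 issue "a.example.com"
CAA 0 issue "b.example.com"
CAA 128 validation "Phone"
"""

RECORD = re.compile(r'^CAA\s+(\d{1,3})\s+([A-Za-z0-9]+)\s+"([^"]*)"$')

def parse_rrset(text):
    """Parse presentation-format lines into (flags, tag, value) tuples."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = RECORD.match(line)
        if m is None or int(m.group(1)) > 255:
            raise ValueError(f"malformed CAA record: {line!r}")
        records.append((int(m.group(1)), m.group(2).lower(), m.group(3)))
    return records

def may_issue(records, ca_domain, known_tags, method=None):
    """Return (allowed, reason) for one CA evaluating the whole record set."""
    # A critical record with a tag the CA does not understand blocks issuance,
    # whatever the issue records say.
    for flags, tag, _ in records:
        if flags & CRITICAL and tag not in known_tags:
            return False, f"critical record with unknown tag '{tag}'"
    issuers = [v.split(";")[0].strip().lower() for _, t, v in records if t == "issue"]
    if issuers and ca_domain.lower() not in issuers:
        return False, "CA not named in any issue record"
    # Assumed semantics for the proposed tag: each value is one permitted method.
    if "validation" in known_tags:
        methods = {v.strip().lower() for _, t, v in records if t == "validation"}
        if methods and (method or "").lower() not in methods:
            return False, f"validation method '{method}' not permitted"
    return True, "issuance permitted"
```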