Re: [lamps] Fwd: [pkix] [Technical Errata Reported] RFC6844 (5200)
Jacob Hoffman-Andrews <jsha@eff.org> Sat, 16 December 2017 04:06 UTC
On 12/08/2017 10:16 AM, Russ Housley wrote:
> http://www.rfc-editor.org/errata/eid5200

The question here is whether CAA records with property tags should look like:

    example.com. IN CAA 0 issue "example.net; foo=bar bar=qux"

or:

    example.com. IN CAA 0 issue "example.net; foo=bar; bar=qux"

(note the second semicolon)

I think the original text is ambiguous on the point, and since property tags are not yet widely deployed this is a somewhat free choice. I think the version where property tags are separated by semicolons makes more sense and is less error prone. It also happens to be what Hugo Landau's draft for CAA Record Extensions uses:

https://tools.ietf.org/html/draft-ietf-acme-caa-03#page-9

And what was briefly implemented in Let's Encrypt's Boulder (since rolled back due to a bug):

https://github.com/letsencrypt/boulder/pull/3145/files#diff-3efab53f2bcc543ac2e771ec882c57c1L310

So my feeling is we should reject this erratum and clarify in the other direction, requiring semicolons between property tags.

Thoughts?
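
Added example (not part of the original message, and not Boulder's code): a sketch of how a parser written for each of the two forms above treats the other form. The function names, the alphanumeric tag alphabet and the rule that a value contains no whitespace are assumptions made for this illustration.

```python
import re

WSP = " \t"

def _split_issuer(value):
    # Everything before the first ';' is the issuer domain; the rest is parameters.
    issuer, _, rest = value.partition(";")
    return issuer.strip(WSP), rest.strip(WSP)

def _parse_param(item):
    # Assumed shape: tag "=" value, alphanumeric tag, no whitespace inside the value.
    tag, eq, val = item.partition("=")
    tag, val = tag.strip(WSP), val.strip(WSP)
    if not eq or not re.fullmatch(r"[A-Za-z0-9]+", tag):
        raise ValueError(f"malformed parameter: {item!r}")
    if any(c in WSP for c in val):
        raise ValueError(f"whitespace inside value of {tag!r}: {val!r}")
    return tag, val

def parse_semicolon(value):
    """Parser for the second form in the message: parameters separated by ';'."""
    issuer, rest = _split_issuer(value)
    params = dict(_parse_param(p) for p in rest.split(";")) if rest else {}
    return issuer, params

def parse_whitespace(value):
    """Parser for the first form in the message: parameters separated by whitespace."""
    issuer, rest = _split_issuer(value)
    return issuer, dict(_parse_param(p) for p in rest.split())

def describe(parser, value):
    # Return the parse result, or the error text if the parser rejects the value.
    try:
        return parser(value)
    except ValueError as err:
        return f"rejected: {err}"

# The two property values from the message.
SPACE_FORM = "example.net; foo=bar bar=qux"
SEMI_FORM = "example.net; foo=bar; bar=qux"

if __name__ == "__main__":
    for parser in (parse_semicolon, parse_whitespace):
        for value in (SPACE_FORM, SEMI_FORM):
            print(f"{parser.__name__}({value!r}) -> {describe(parser, value)}")
```

Under these assumptions the whitespace-only parser accepts the semicolon form but returns `foo` with the value `bar;`, while the semicolon parser rejects the space-separated form with an error.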