[lamps] CAA Simplification draft
Jacob Hoffman-Andrews <jsha@eff.org> Wed, 13 September 2017 00:24 UTC
To: SPASM <spasm@ietf.org>
From: Jacob Hoffman-Andrews <jsha@eff.org>
Message-ID: <02d4e149-b777-5b5c-1cd0-a2c2aae49311@eff.org>
Date: Tue, 12 Sep 2017 17:23:51 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/QkL2PKWUadWpXBZULetCbk-9ViU>

Hi all,

This is a revision to RFC6844 as discussed previously on the list and at IETF 99. In particular, RFC6844 specifies that CAs should implement "tree climbing" not only on the original FQDN, but also on any intermediate CNAMEs discovered during primary lookup. As discussed on-list, this disallows certain deployment scenarios, and can produce surprising results in common CNAME-based hosting scenarios. Additionally, because RFC6844 re-specified parts of CNAME lookup, some details were ambiguous.

This draft updates RFC6844 to eliminate tree climbing on CNAME targets, and to reference RFC 1034 for the standard DNS lookup algorithm, including CNAME resolution.

Because all of this draft is the same as RFC6884 except for the "Certification Authority Processing" section, I've retained the original two authors and added my own name. Please let me know if IETF etiquette indicates a different approach.

I'd like to propose this draft for adoption by the WG.

https://www.ietf.org/id/draft-hoffman-andrews-caa-simplification-00.txt

Thanks,
Jacob
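
The difference between the two lookup rules described in the message above, as an added example that is not part of the original message or of the draft: a Python sketch that runs both rules over a constructed in-memory zone. The zone contents, CA names and function names are assumptions; the RFC6844 rule follows the recursive definition in RFC 6844 Section 4, and the simplified rule follows the description in the message.

```python
# Constructed zone data (not real DNS). A name holds either CAA records or a CNAME.
ZONE = {
    "www.shop.example": {"CNAME": "cust-123.edge.hosting.test"},
    "shop.example": {"CAA": ['0 issue "ca-one.test"']},
    "hosting.test": {"CAA": ['0 issue "ca-two.test"']},
    "blog.shop.example": {"CNAME": "blog.hosting.test"},
    "blog.hosting.test": {"CAA": ['0 issue "ca-three.test"']},
}

def parent(name):
    """P(X): the name immediately above X, or None at a top-level domain."""
    _, _, rest = name.partition(".")
    return rest or None

def alias(name):
    """A(X): the CNAME target at X, or None."""
    return ZONE.get(name, {}).get("CNAME")

def caa_direct(name):
    """CAA records stored at exactly this owner name, with no alias chasing."""
    return ZONE.get(name, {}).get("CAA", [])

def caa_resolved(name, limit=8):
    """CAA query as a normal resolver answers it: CNAMEs are chased (RFC 1034)."""
    while alias(name) and limit > 0:
        name, limit = alias(name), limit - 1
    return caa_direct(name)

def relevant_rfc6844(name, depth=0):
    """RFC 6844 rule: climb from the name and from every CNAME target met."""
    if name is None or depth > 32:      # depth cap guards against alias loops
        return []
    if caa_direct(name):
        return caa_direct(name)
    target = alias(name)
    if target:
        found = relevant_rfc6844(target, depth + 1)
        if found:                       # the target's ancestors can win here
            return found
    return relevant_rfc6844(parent(name), depth + 1)

def relevant_simplified(name):
    """Simplified rule: climb only the original FQDN, resolving each query normally."""
    while name:
        found = caa_resolved(name)
        if found:
            return found
        name = parent(name)
    return []
```

For `www.shop.example`, the RFC6844 rule returns the hosting provider's record from `hosting.test`, while the simplified rule returns the site owner's record from `shop.example`; for `blog.shop.example`, where the CNAME target itself carries CAA, both rules agree.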