Re: [lamps] The LAMPS WG has placed draft-hoffman-andrews-caa-simplification in state "Candidate for WG Adoption"

Tim Hollebeek <tim.hollebeek@digicert.com> Mon, 26 February 2018 14:46 UTC

From: Tim Hollebeek <tim.hollebeek@digicert.com>
To: IETF Secretariat <ietf-secretariat-reply@ietf.org>, "spasm@ietf.org" <spasm@ietf.org>, "lamps-chairs@ietf.org" <lamps-chairs@ietf.org>, "draft-hoffman-andrews-caa-simplification@ietf.org" <draft-hoffman-andrews-caa-simplification@ietf.org>
Date: Mon, 26 Feb 2018 14:46:29 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/kL4_tsdqWkC-vT32IafxdRsnj2g>

This document contains many useful improvements.

On the subject of blocked queries and responses, the proposed text is
excellent.  It doesn't actually fix anything (just adds a SHOULD and some
informative text and guidance), but it does point out some of the challenges
in this area, and will be helpful in convincing the CA/B Forum that the
current BR CAA error handling requirements are impractical in the world as
it exists today, and need to be revised.  The policy discussion will be much
easier with the documented, specific examples of why the current failure
handling rules cause a lot of pain for people trying to get certificates.
Perhaps it would be worthwhile adding text to clarify that these sorts of
failure can prevent issuance of certificates, even for domains that don't
use and don't want to use CAA.  When CAA was originally being sold, it was
claimed that if people didn't want to use it, they wouldn't be affected, and
that has turned out to be very, very far from the truth.

The draft unfortunately prioritizes a few issues (the CNAME issues and
blocked queries), while ignoring some more critical issues, like the fact
that the RFC 6844 grammar contradicts the examples.  Corey had an excellent
proposed fix for this issue.  It should probably be incorporated.

-Tim

> -----Original Message-----
> From: Spasm [mailto:spasm-bounces@ietf.org] On Behalf Of IETF Secretariat
> Sent: Saturday, February 24, 2018 12:27 PM
> To: spasm@ietf.org; lamps-chairs@ietf.org; draft-hoffman-andrews-caa-simplification@ietf.org
> Subject: [lamps] The LAMPS WG has placed draft-hoffman-andrews-caa-simplification in state "Candidate for WG Adoption"
> 
> 
> The LAMPS WG has placed draft-hoffman-andrews-caa-simplification in state
> Candidate for WG Adoption (entered by Russ Housley)
> 
> The document is available at
> https://datatracker.ietf.org/doc/draft-hoffman-andrews-caa-simplification/
> 
> Comment:
> Should this document be adopted by the LAMPS WG as the starting point for
> rfc6844bis?