Re: [Spasm] Erratum 4988
Jacob Hoffman-Andrews <jsha@eff.org> Thu, 01 June 2017 00:39 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/vmpi_X9IE8kuRmNEAUo_9ZjiK3Q>
Hi Phillip,

Did you see this earlier mail from me? I think at least the "is not empty"
should be fixed before we submit a ballot to CA/Browser Forum. Ideally I'd
like to land the simpler language I proposed, but I'd be fine with your
offered text if we add the missing "is not empty."

On 04/05/2017 12:43 PM, Jacob Hoffman-Andrews wrote:
> https://www.rfc-editor.org/errata_search.php?eid=4988
>
> Rob Stradling said:
>> 2. Bug?: Shouldn't this...
>>    o If A(X) is not null, and CAA(A(X)), then R(X) =
>>      CAA(X), otherwise
>>
>> ...actually be this...
>>
>>    o If A(X) is not null, and CAA(A(X)), then R(X) =
>>      CAA(A(X)), otherwise
> A further edit: "and CAA(A(X))" should be "and CAA(A(X)) is not empty"
>
> Also, did you see my earlier suggestion on the list? I think now that we
> aren't tree-climbing on CNAME targets, we can express this algorithm in
> a more straightforward way that emphasizes its similarity to how other
> DNS records are looked up:
>
> ----- Proposal -----
> Let CAA(X) be the record set returned by performing a CAA record
> query on the domain name X, according to the name server lookup
> algorithm specified in RFC 1034 section 4.3.2 (in particular including
> CNAME responses). Let P(X) be the domain name produced by removing the
> leftmost label of X.
>
> - If CAA(X) contains any CAA resource records, R(X) = CAA(X), otherwise
> - If P(X) is the root domain '.', then R(X) is empty, otherwise
> - R(X) = R(P(X))
>
> ----- End proposal -----
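
The R(X) recursion from the proposal above, written out as an added Python example (not part of the original message or of any CA's code). The `ZONE` table, its names and its records are constructed sample data, and `caa()` is a hypothetical stand-in for a real resolver query.

```python
# Constructed zone data: name -> {"CNAME": target} or {"CAA": [records]}.
ZONE = {
    "example.com.": {"CAA": ['0 issue "ca.example.net"']},
    "www.example.com.": {"CNAME": "host.cdn.example."},
    "host.cdn.example.": {"CAA": ['0 issue "other-ca.example"']},
    "alias.example.com.": {"CNAME": "nocaa.cdn.example."},
    "cdn.example.": {"CAA": ['0 issue ";"']},
}


def caa(name, max_chain=8):
    """CAA(X): CAA query for X, following CNAME responses like a resolver."""
    for _ in range(max_chain):
        node = ZONE.get(name, {})
        if "CNAME" in node:
            name = node["CNAME"]  # restart the query at the canonical name
            continue
        return list(node.get("CAA", []))
    raise RuntimeError("CNAME chain too long")


def parent(name):
    """P(X): X with its leftmost label removed; '.' once no labels remain."""
    rest = name.split(".", 1)[1]
    return rest if rest else "."


def relevant(name):
    """R(X): the first non-empty CAA(X) found while climbing from X."""
    while True:
        records = caa(name)
        if records:  # "contains any CAA resource records"
            return records
        up = parent(name)
        if up == ".":  # reached the root: R(X) is empty
            return []
        name = up  # climb the queried name, never the CNAME target


if __name__ == "__main__":
    for fqdn in ("www.example.com.", "alias.example.com.",
                 "a.b.example.com.", "nothing.test."):
        print(fqdn, "->", relevant(fqdn))
```

For `alias.example.com.` the CNAME target has no CAA records, so the climb continues at `example.com.`; the `issue ";"` record at `cdn.example.` is never consulted.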