Hello,
I read over draft-ietf-acme-tls-alpn-00 and noticed two things:
1) Section 3 states, "If all of the above steps succeed then the validation is successful, otherwise it fails. Once the handshake has been completed the connection should be immediately closed and no further data should be exchanged". Perhaps I'm reading this too literally, but I think this is ambiguous, where "handshake" can mean either the TLS handshake in its entirety (such as sending ChangeCipherSpec/Finished messages, etc.) or if the connection should be terminated upon the client receiving the ServerHello message (which is the entirety of the "handshake" described in steps 1-3). I imagine the former is preferable, so the wording should perhaps explicitly specify "TLS handshake".
2) Section 5 (IANA considerations) has no mention of updating the IANA "Application-Layer Protocol Negotiation (ALPN) Protocol IDs" registry (https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids) with the new ALPN identifier "acme-tls/1". For consistency with other documents that define ALPN identifiers, "acme-tls/1" should probably be added to the registry.

Thanks,
Corey
 
Corey Bonnell
Trustwave | SMART SECURITY ON DEMAND

On 3/2/18, 9:35 PM, "Acme on behalf of internet-dra...@ietf.org"
<acme-boun...@ietf.org on behalf of internet-dra...@ietf.org> wrote:

    A New Internet-Draft is available from the on-line Internet-Drafts directories.
    This draft is a work item of the Automated Certificate Management Environment WG of the IETF.

            Title           : ACME TLS ALPN Challenge Extension
            Author          : Roland Bracewell Shoemaker
            Filename        : draft-ietf-acme-tls-alpn-00.txt
            Pages           : 7
            Date            : 2018-03-02

    Abstract:
       This document specifies a new challenge for the Automated Certificate
       Management Environment (ACME) protocol which allows for domain
       control validation using TLS.

    The IETF datatracker status page for this draft is:
    https://datatracker.ietf.org/doc/draft-ietf-acme-tls-alpn/

    There are also htmlized versions available at:
    https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-00
    https://datatracker.ietf.org/doc/html/draft-ietf-acme-tls-alpn-00

    Please note that it may take a couple of minutes from the time of submission
    until the htmlized version and diff are available at http://tools.ietf.org

    Internet-Drafts are also available by anonymous FTP at:
    ftp://ftp.ietf.org/internet-drafts/

    _______________________________________________
    Acme mailing list
    Acme@ietf.org
    https://www.ietf.org/mailman/listinfo/acme

_______________________________________________
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme
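The "full TLS handshake" reading of point 1 in the message above, as an added Go example that is not part of the draft or of the message: a one-shot loopback server and a client negotiate the ALPN identifier "acme-tls/1"; the client confirms the handshake ran to completion (through Finished, not merely to ServerHello), records the negotiated protocol and closes the connection without exchanging any application data. The host name example.test, the inline self-signed certificate, and the function names are constructed assumptions; the example does not implement the draft's certificate checks (its steps 1-3), which are not reproduced on this page.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

const acmeALPN = "acme-tls/1" // ALPN identifier from draft-ietf-acme-tls-alpn-00

// selfSignedCert builds a throwaway certificate for the constructed host name.
// Assumption: it stands in for the draft's challenge certificate, whose
// contents (the draft's steps 1-3) this example does not model.
func selfSignedCert(host string) (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, nil
}

// serveOnce accepts one connection, completes the TLS handshake offering only
// acme-tls/1, and closes without sending application data.
func serveOnce(ln net.Listener, cert tls.Certificate, done chan<- error) {
	conn, err := ln.Accept()
	if err != nil {
		done <- err
		return
	}
	tc := tls.Server(conn, &tls.Config{
		Certificates:           []tls.Certificate{cert},
		NextProtos:             []string{acmeALPN},
		SessionTicketsDisabled: true, // nothing to send after Finished
	})
	err = tc.Handshake()
	tc.Close()
	done <- err
}

// validateALPN dials the server, runs the TLS handshake in its entirety
// (ClientHello through Finished) with ALPN acme-tls/1, returns the negotiated
// protocol, and closes immediately. Stopping at ServerHello would not give
// HandshakeComplete, which is the ambiguity the message points out.
func validateALPN(addr, host string) (string, error) {
	tc, err := tls.Dial("tcp", addr, &tls.Config{
		ServerName:         host,
		NextProtos:         []string{acmeALPN},
		InsecureSkipVerify: true, // self-signed demo certificate, no chain to verify
	})
	if err != nil {
		return "", err
	}
	defer tc.Close() // close right after the handshake; no further data
	cs := tc.ConnectionState()
	if !cs.HandshakeComplete {
		return "", fmt.Errorf("TLS handshake did not complete")
	}
	return cs.NegotiatedProtocol, nil
}

// RunExchange wires the one-shot server and the client together on loopback
// and returns the ALPN protocol the client saw negotiated.
func RunExchange() (string, error) {
	host := "example.test" // constructed host name
	cert, err := selfSignedCert(host)
	if err != nil {
		return "", err
	}
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return "", err
	}
	defer ln.Close()
	done := make(chan error, 1)
	go serveOnce(ln, cert, done)
	proto, err := validateALPN(ln.Addr().String(), host)
	if err != nil {
		return "", err
	}
	if serr := <-done; serr != nil {
		return "", serr
	}
	return proto, nil
}

func main() {
	proto, err := RunExchange()
	if err != nil {
		fmt.Println("validation failed:", err)
		return
	}
	fmt.Println("negotiated ALPN:", proto)
}
```

Running it prints `negotiated ALPN: acme-tls/1`; if the server did not list "acme-tls/1" in NextProtos, the handshake itself would fail with a no_application_protocol alert, so the ALPN check and the handshake-completion check are the same check.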