Re: [Acme] Removing OOB Challenge Type

[Salz, Rich]

Thank you for the reminder.

As chair, I say that we have consensus to remove the OOB challenge.

___
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme

Re: [Acme] Removing OOB Challenge Type

[Daniel McCarney]

Happy Friday folks ;-)

Can we move forward with removing the OOB challenge? It seems like there is
rough consensus:

Clint, Jacob, Andrew and myself all vote for removal. Robert posed one
use-case that he thought required OOB challenges but doesn't, and one
use-case where they have plans for the future but no concrete
implementations.


On Thu, Nov 30, 2017 at 11:42 AM, Salz, Rich  wrote:

> Does anyone disagree with Daniel’s reasoning?  If so, please speak up
> before next Friday.
>
>
>
> Daniel, please do not merge this until we determine WG consensus.
>
___
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme

Re: [Acme] Removing OOB Challenge Type

[Daniel McCarney]

>
> That’s not right.  Deployments rarely occur right as the draft is finished.


What isn't right? I expressed an opinion that entering last call for
specification text that hasn't been implemented by anyone seems like a
recipe for errata. My comment was also specific to implementations not
deployments.

For added context, the OOB challenge type has been in the spec largely
unchanged for two years[0].  Plans to use something are nice but I thought
our goal was rough consensus and running code.

[0] -
https://github.com/ietf-wg-acme/acme/commit/3e64248088da56f046c7448a84a0263d1328f470


On Fri, Dec 1, 2017 at 10:36 AM, Salz, Rich  wrote:

>
>- What date is planned for this release? If there won't be a client
>and server implementation available by the time we enter last call I still
>think it is most appropriate to defer the OOB challenge type as follow-up
>work.
>
>
> That’s not right.  Deployments rarely occur right as the draft is finished.
>
>
>
> So the question was asked, is anyone planning on using this?  And we got a
> definitive yes answer.  I think the question now becomes, are the
> alternatives acceptable?
>
>
>
> We can of course still decide that OOB should be removed, but let’s talk
> about options right now.
>
___
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme

Re: [Acme] Removing OOB Challenge Type

[Robert Kästel]

We at Telia Company are working on an ACME server implementation that is
going to integrate with an existing CA system using external account
binding.
We're planning on using the OOB challenge type to signify pre-authorized
domains (in the existing CA system) as already validated challenges in the
ACME response, as described in section 7.4.1 Pre-authorization [0]. This is
planned for the first release of the ACME service.

Another use for it we're planning is to support validating EV and OV
certificates using an OOB href/URL.

[0]
https://ietf-wg-acme.github.io/acme/draft-ietf-acme-acme.html#rfc.section.7.4.1

regards,
Robert Kästel

On Fri, Dec 1, 2017 at 12:07 AM, Andrew Ayer  wrote:

> No objections here.
>
> Regards,
> Andrew
>
> On Thu, 30 Nov 2017 10:22:56 -0800
> Jacob Hoffman-Andrews  wrote:
>
> > I agree with this change. It's a good plan to not try and pre-specify
> > things like OOB that aren't on anyone's roadmap, because that leaves
> > the space open for a better specification once someone wants to
> > implement it.
> >
> > On 11/30/2017 09:39 AM, Clint Wilson wrote:
> > >
> > > I agree with the reasoning and decision to remove this.
> > > While I think it's possible for this challenge type to become useful
> > > in the future, I don't have any justification for keeping it in in
> > > the meantime. As Daniel notes, it's straightforward to add it back
> > > if needed.
> > >
> > >
> > > On Thu, Nov 30, 2017, 10:25 AM Daniel McCarney  > > > wrote:
> > >
> > > > Daniel, please do not merge this until we determine WG
> > > >consensus
> > >
> > > Of course :-) I don't have any merge privileges!
> > >
> > > On Thu, Nov 30, 2017 at 11:42 AM, Salz, Rich  > > > wrote:
> > >
> > > Does anyone disagree with Daniel’s reasoning?  If so, please
> > > speak up before next Friday.
> > >
> > >
> > >
> > > Daniel, please do not merge this until we determine WG
> > > consensus.
> > >
> > >
> > > ___
> > > Acme mailing list
> > > Acme@ietf.org 
> > > https://www.ietf.org/mailman/listinfo/acme
> > >
> > >
> > >
> > > ___
> > > Acme mailing list
> > > Acme@ietf.org
> > > https://www.ietf.org/mailman/listinfo/acme
> >
>
> ___
> Acme mailing list
> Acme@ietf.org
> https://www.ietf.org/mailman/listinfo/acme
>
___
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme

Re: [Acme] Removing OOB Challenge Type

[Jacob Hoffman-Andrews]

I agree with this change. It's a good plan to not try and pre-specify
things like OOB that aren't on anyone's roadmap, because that leaves the
space open for a better specification once someone wants to implement it.

On 11/30/2017 09:39 AM, Clint Wilson wrote:
>
> I agree with the reasoning and decision to remove this.
> While I think it's possible for this challenge type to become useful
> in the future, I don't have any justification for keeping it in in the
> meantime. As Daniel notes, it's straightforward to add it back if needed.
>
>
> On Thu, Nov 30, 2017, 10:25 AM Daniel McCarney  > wrote:
>
> > Daniel, please do not merge this until we determine WG consensus
>
> Of course :-) I don't have any merge privileges!
>
> On Thu, Nov 30, 2017 at 11:42 AM, Salz, Rich  > wrote:
>
> Does anyone disagree with Daniel’s reasoning?  If so, please
> speak up before next Friday.
>
>  
>
> Daniel, please do not merge this until we determine WG consensus.
>
>
> ___
> Acme mailing list
> Acme@ietf.org 
> https://www.ietf.org/mailman/listinfo/acme
>
>
>
> ___
> Acme mailing list
> Acme@ietf.org
> https://www.ietf.org/mailman/listinfo/acme

___
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme

Re: [Acme] Removing OOB Challenge Type

[Daniel McCarney]

> Daniel, please do not merge this until we determine WG consensus

Of course :-) I don't have any merge privileges!


On Thu, Nov 30, 2017 at 11:42 AM, Salz, Rich  wrote:

> Does anyone disagree with Daniel’s reasoning?  If so, please speak up
> before next Friday.
>
>
>
> Daniel, please do not merge this until we determine WG consensus.
>
___
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme