Re: [Acme] Rolling keys and pending validations

2017-07-07 Thread Jacob Hoffman-Andrews
On 07/07/2017 12:35 PM, Richard Barnes wrote: > Whether clients will notice depends on how we change the syntax to > express the "binding". You seem to be assuming that we'll keep the > syntax the same. That would mean that the server would note the > keyAuthorization to be used with the

Re: [Acme] Rolling keys and pending validations

2017-07-07 Thread Richard Barnes
On Fri, Jul 7, 2017 at 2:06 PM, Jacob Hoffman-Andrews wrote: > On 07/07/2017 06:42 AM, Richard Barnes wrote: > > C) Instead of using *key* authorizations, use *account* > > authorizations. Instead of the object being of "token.H(key)", make > > it "token.H(account-url)". > I like

Re: [Acme] Consensus -- CAA draft to WGLC?

2017-07-07 Thread Richard Barnes
On Thu, Jul 6, 2017 at 11:57 AM, Salz, Rich wrote: > So let's see. Can we live with this? > > Create a spec-required registry for validation method names. > I share Hugo's concern about divergence here. Should we maybe just put these in the ACME challenge types registry? It

Re: [Acme] Consensus -- CAA draft to WGLC?

2017-07-07 Thread Hugo Landau
>On Thu, Jul 6, 2017 at 11:57 AM, Salz, Rich <rs...@akamai.com> wrote: > > So let's see.  Can we live with this? > > Create a spec-required registry for validation method names. > >I share Hugo's concern about divergence here.  Should we maybe just put >these in the

Re: [Acme] Consensus -- CAA draft to WGLC?

2017-07-07 Thread Salz, Rich
> https://github.com/ietf-wg-acme/acme/pull/332 I like this. I proposed one minor wording clarification.

Re: [Acme] Automated procedure for DNS challenge records?

2017-07-07 Thread Ilari Liusvaara
On Fri, Jul 07, 2017 at 07:04:27AM +0200, Rene 'Renne' Bartsch, B.Sc. Informatics wrote: > > A lot of DNS server providers do not allow to modify the zones on the fly. > My DNS server provider e.g. uses a hidden primary DNS for security reasons. > Changing zones is only possible manually via the

Re: [Acme] Consensus -- CAA draft to WGLC?

2017-07-07 Thread Richard Barnes
On Fri, Jul 7, 2017 at 9:33 AM, Hugo Landau wrote: > >On Thu, Jul 6, 2017 at 11:57 AM, Salz, Rich <rs...@akamai.com> > wrote: > > > > So let's see. Can we live with this? > > > > Create a spec-required registry for validation method names. > > > >I

Re: [Acme] Rolling keys and pending validations

2017-07-07 Thread Richard Barnes
On Wed, Jul 5, 2017 at 6:03 PM, Jacob Hoffman-Andrews wrote: > On 06/30/2017 09:54 AM, Dunning, John wrote: > > Based on your description below, I think door A makes more sense to me. > My paraphrase of it is that key authorizations get bound at creation time, > and thus get