holes compared to the
presently-industry-accepted methods of validating domain control.
Doug
From: Acme [mailto:acme-boun...@ietf.org] On
Behalf Of Daniel McCarney
Sent: Monday, February 26, 2018 2:14 PM
Cc: IETF ACME <acme@ietf.org>
Subj
It’s good to see that there is a great deal of outside interest in this draft.
It would be *really way much better* if we first had the main document done.
Folks involved in that, please don’t get distracted by this – there will be
plenty of time later. But first let’s get the main document in
I would concur that this mechanism far exceeds the original TLS-SNI-0x
proposals.
Significantly, it no longer abuses SNI routing flows over which initial
assumptions about web host behavior were not borne out in the field. Instead,
it requires that the server-side end of the TLS conversation b
the mitigations, which is
good – we need a TLS-based method.
From: Ryan Sleevi [mailto:ryan-i...@sleevi.com]
Sent: Monday, February 26, 2018 4:09 PM
To: Doug Beattie
Cc: c...@letsencrypt.org; IETF ACME
Subject: Re: [Acme] ALPN based TLS challenge
On Mon, Feb 26, 2018 at 3:33 PM, Doug Beattie
>
>
> Doug
>
>
>
> *From:* Acme [mailto:acme-boun...@ietf.org] *On Behalf Of *Daniel McCarney
> *Sent:* Monday, February 26, 2018 2:14 PM
> *Cc:* IETF ACME
> *Subject:* Re: [Acme] ALPN based TLS challenge
>
>
>
> +1
>
> The WG should adopt thi
with the CABF? I’d recommend that someone send this
out to the public list for feedback.
Doug
From: Acme [mailto:acme-boun...@ietf.org] On Behalf Of Daniel McCarney
Sent: Monday, February 26, 2018 2:14 PM
Cc: IETF ACME
Subject: Re: [Acme] ALPN based TLS challenge
+1
The WG should adopt this
+1
The WG should adopt this document. I will volunteer to help review if
adopted.
On Mon, Feb 26, 2018 at 12:02 PM, Richard Barnes wrote:
> +1
>
> This approach is a major improvement from earlier efforts at a TLS-based
> challenge. It follows normal TLS processing logic much more closely,
>
+1
This approach is a major improvement from earlier efforts at a TLS-based
challenge. It follows normal TLS processing logic much more closely,
differing only in the fact that the certificate presented has an extra
extension. Minimizing the differences w.r.t. normal behavior seems like a
good a
I’ll be at the meeting in London and would be happy to give a quick
introduction/overview of the method if adopted.
> On Feb 23, 2018, at 8:31 AM, Salz, Rich wrote:
>
>
>> Here is the ID:
>> https://datatracker.ietf.org/doc/draft-shoemaker-acme-tls-alpn/
>
> Should the WG adopt this docume
On Fri, Feb 23, 2018 at 04:41:20PM +, Stephen Farrell wrote:
>
>
> On 23/02/18 16:31, Salz, Rich wrote:
> >
> >> Here is the ID:
> >> https://datatracker.ietf.org/doc/draft-shoemaker-acme-tls-alpn/
> >
> > Should the WG adopt this document?
>
> Yes.
>
> Having a sufficiently secure mech
On Fri, Feb 23, 2018 at 03:04:46PM +, Doug Beattie wrote:
>
> Oh yes, right. The scope of attack is only those domains that point to the
> same IP address. But, this still relies on web hosting companies to have
> secure configurations such that User A can't get a cert for user B's domain
>
On 23/02/18 16:31, Salz, Rich wrote:
>
>> Here is the ID:
>> https://datatracker.ietf.org/doc/draft-shoemaker-acme-tls-alpn/
>
> Should the WG adopt this document?
Yes.
Having a sufficiently secure mechanism that works on port 443 is
a good thing in general. I'm not sure how many folks were
>Here is the ID:
> https://datatracker.ietf.org/doc/draft-shoemaker-acme-tls-alpn/
Should the WG adopt this document? Speak up now, we'll make a consensus
decision next week. Also if you are able to help work on it. If adopted, I
would expect this to be on the agenda for London next m
everything in
its power to ensure security.
Original message
From: Doug Beattie
Date: 2018-02-23 16:04 (GMT+01:00)
To: Sebastian Nielsen, 'Roland Bracewell Shoemaker', 'Rich Salz'
Cc: 'IETF ACME', 'Martin Thomson'
Subject: RE:
I'm in for it also.
Doug
> -Original Message-
> From: Sebastian Nielsen [mailto:sebast...@sebbe.eu]
> Sent: Friday, February 23, 2018 9:48 AM
> To: Doug Beattie ; 'Roland Bracewell
> Shoemaker' ; 'Rich Salz'
> Cc: 'IETF ACME' ;
; 'Roland Bracewell Shoemaker'
; 'Rich Salz'
Cc: 'IETF ACME' ; 'Martin Thomson'
Subject: RE: [Acme] ALPN based TLS challenge [invalid signature!]
Does this prevent an adversary from setting up their own "hosting provider"
and getting certificate
February 23, 2018 9:43 AM
> To: Doug Beattie ; 'Roland Bracewell
> Shoemaker' ; 'Rich Salz'
> Cc: 'IETF ACME' ; 'Martin Thomson'
>
> Subject: SV: [Acme] ALPN based TLS challenge
>
> The problem was that there were hosting providers which
ill: Roland Bracewell Shoemaker ; Rich Salz
Cc: IETF ACME ; Martin Thomson
Subject: Re: [Acme] ALPN based TLS challenge
I'm probably not understanding a key piece of technical info about the
protocol, but when I see this statement it makes me think it has similar
issues to tls-sni-01. If
On Fri, Feb 23, 2018 at 01:17:53PM +, Doug Beattie wrote:
> I'm probably not understanding a key piece of technical info about the
> protocol, but when I see this statement it makes me think it has similar
> issues to tls-sni-01. If we're relying on the hosting provider enforcing
> certain con
ilto:acme-boun...@ietf.org] On Behalf Of Roland Bracewell
> Shoemaker
> Sent: Friday, February 23, 2018 3:00 AM
> To: Rich Salz
> Cc: IETF ACME ; Martin Thomson
>
> Subject: Re: [Acme] ALPN based TLS challenge
>
> Here is the ID: https://datatracker.ietf.org/doc/draft-shoe
Here is the ID: https://datatracker.ietf.org/doc/draft-shoemaker-acme-tls-alpn/
> On Feb 22, 2018, at 8:38 PM, Salz, Rich wrote:
>
> Yes, like Martin said, submit the individual draft and we can call for
> adoption.
>
On Thu, Feb 22, 2018 at 05:48:23PM -0800, Roland Bracewell Shoemaker wrote:
> Hey all,
>
> After the issues with the SNI based TLS challenges were discovered
> there was interest from a number of parties in developing another
> challenge that did validation at the TLS layer. After some discussion
Yes, like Martin said, submit the individual draft and we can call for adoption.
___
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme
Now is probably the time to publish in internet-draft form:
https://datatracker.ietf.org/submit/
On Fri, Feb 23, 2018 at 12:48 PM, Roland Bracewell Shoemaker
wrote:
> Hey all,
>
> After the issues with the SNI based TLS challenges were discovered there was
> interest from a number of parties in
Hey all,
After the issues with the SNI based TLS challenges were discovered there was
interest from a number of parties in developing another challenge that did
validation at the TLS layer. After some discussion about possibilities we’ve
come up with a new challenge type based on ALPN which we