Ø Might not that bad as long as CAs offer both versions. But we have other
pending changes? because of insecure? DVSNI challenges. They should maybe
coordinated and updated at once.
This is an RFC-in-progress. We’re likely to settle on one version of each type.
2015-11-19 20:23 GMT+01:00 Salz, Rich :
> Ø I'd prefer that currently, way better than having a lot of different
> specs with only minimal differences.
>
> We’re not going to have lots of different specs, we’re just bumping the
> version number because there are already
+1 for .txt, there are servers configured to serve only specific file
extensions.
Regards, Niklas
___
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme
Here's yet another problem reported by a user that would be solved by
switching to .txt answer locations.
https://github.com/Lone-Coder/letsencrypt-win-simple/issues/7
Typically web servers are already setup to host robots.txt so placing a
.txt file on a server should be the least demanding
On Wednesday, November 18, 2015, Bryan Livingston
wrote:
> Here's yet another problem reported by a user that would be solved by
> switching to .txt answer locations.
>
> https://github.com/Lone-Coder/letsencrypt-win-simple/issues/7
>
> Typically web servers are
How would the transition work? Which URI does the server query then? Both?
Or would the client just send the extension in the challenge answer?
Regards, Niklas
2015-11-18 19:45 GMT+01:00 Ted Hardie :
> On Wed, Nov 18, 2015 at 10:00 AM, Peter Eckersley wrote:
>
It wouldn't break my client if the ACME servers started appending .txt to
the answer location. I'm just taking that string and using it as a
filename. Does the python client do the same?
On Wed, Nov 18, 2015 at 11:37 AM, Niklas Keller wrote:
> 2015-11-18 19:00 GMT+01:00 Peter
On Wed, Nov 18, 2015 at 10:00 AM, Peter Eckersley wrote:
> Sounds like we have emerging consensus around this version of 3b. Does
> anyone know of anything it breaks?
>
> On Wed, Nov 18, 2015 at 05:51:55PM +0100, Niklas Keller wrote:
> > +1 for .txt, there are servers configured
I was hoping that the server could just add a .txt to the end of the answer
string location that it ask the client to make available on the web server.
My client would just work with no changes in that case, and the python
client might as well.
On Fri, Nov 13, 2015 at 6:56 AM, Richard Barnes
https://github.com/ietf-wg-acme/acme/pull/40 was just merged, but we
didn't actually get consensus that dropping Content-Type restrictions
altogether was a good idea.
The options are:
0.keep the old spec (Content-Type application/jose+json, no file
extensions allowed)
1 keep the
I should have added another option, 3b, drop the Content-Type
restriction but allow file extensions.
Sounds like that would be a win on IIS.
On Thu, Nov 12, 2015 at 05:05:53PM -0800, Martin Thomson wrote:
> On 12 November 2015 at 16:44, Peter Eckersley wrote:
> > But is 3 the best
Sorry if I pulled the trigger on that one a bit early. Happy to
revise, as always.
I think there was pretty feeling in the room at the IETF meeting that
Content-Type checking was not doing much. Are we aware of any actual
scenarios where untrusted entities can write to .well-known
directories?
On 12 November 2015 at 16:44, Peter Eckersley wrote:
> But is 3 the best answer?
Of those presented, I think so. I know that this isn't a great answer
(it's bad already, so bad must be OK), but being able to drop things
into .well-known opens a raft of other interesting attacks.
13 matches
Mail list logo