Re: [Acme] On multiple CAs and contact-based recovery

2016-03-26 Thread Karthik Bhargavan
> Between these two options, I would be more attracted to the latter. It's always been a bit of a sore point that the request URI was not covered by the client's signature, but to avoid the complexity of URL comparison, we did the "resource" thing instead. But maybe it makes sense to

Re: [Acme] On multiple CAs and contact-based recovery

2016-03-24 Thread Ron
On Thu, Mar 24, 2016 at 11:07:08AM -0400, Richard Barnes wrote:
> On Thu, Mar 24, 2016 at 5:42 AM, Ron wrote:
> > On Thu, Mar 24, 2016 at 04:45:06PM +1100, Martin Thomson wrote:
> > > Most operating systems understand how to invoke local software in response to that and

Re: [Acme] On multiple CAs and contact-based recovery

2016-03-24 Thread Ron
Keeping this whole message intact for now, feel free to trim it if we split this into threads on the individual parts.
On Thu, Mar 24, 2016 at 11:33:18AM -0400, Richard Barnes wrote:
> On Wed, Mar 23, 2016 at 6:33 PM, Karthik Bhargavan <karthikeyan.bharga...@inria.fr> wrote:
> > Dear

Re: [Acme] On multiple CAs and contact-based recovery

2016-03-24 Thread Richard Barnes
Hey Karthik,
Thanks so much for this analysis. Couple of comments inline.
On Wed, Mar 23, 2016 at 6:33 PM, Karthik Bhargavan <karthikeyan.bharga...@inria.fr> wrote:
> Dear All,
> Recently, after being asked by Josh Aas, I wrote a formal model of the ACME protocol in ProVerif and

Re: [Acme] On multiple CAs and contact-based recovery

2016-03-24 Thread Richard Barnes
On Thu, Mar 24, 2016 at 5:42 AM, Ron wrote:
> On Thu, Mar 24, 2016 at 04:45:06PM +1100, Martin Thomson wrote:
> > On 24 March 2016 at 09:33, Karthik Bhargavan wrote:
> > > Emails with clickable links are *BAD*; we should enhance their

Re: [Acme] On multiple CAs and contact-based recovery

2016-03-23 Thread Martin Thomson
On 24 March 2016 at 09:33, Karthik Bhargavan wrote:
> Emails with clickable links are *BAD*; we should enhance their security by linking them better with the ACME account key.
FWIW, I think that a clickable link could be possible, it just wouldn't be able to

Re: [Acme] On multiple CAs and contact-based recovery

2016-03-23 Thread Karthik Bhargavan
Hi Ted,
Unfortunately, we won't be in Buenos Aires. But I plan to communicate the details to Richard, who may decide to present some of it.
Best, Karthik
> On 23 Mar 2016, at 23:54, Ted Hardie wrote:
> Hi Karthik,
> Thanks for your message. Will you or your

Re: [Acme] On multiple CAs and contact-based recovery

2016-03-23 Thread Ted Hardie
Hi Karthik,
Thanks for your message. Will you or your co-authors be in Buenos Aires for the IETF? Would you like to present this work to the working group there, if so?
thanks, Ted
On Wed, Mar 23, 2016 at 3:33 PM, Karthik Bhargavan <karthikeyan.bharga...@inria.fr> wrote:
> Dear All,

[Acme] On multiple CAs and contact-based recovery

2016-03-23 Thread Karthik Bhargavan
Dear All, Recently, after being asked by Josh Aas, I wrote a formal model of the ACME protocol in ProVerif and analyzed it for various properties. I am still in the process of cleaning up the model and writing up a proper report, but with the next IETF being so close, here’re some early