Re: [Servercert-wg] Message

2023-07-31 Thread Aaron Gable via Servercert-wg
Agreed, I look forward to discussing this with the whole group.

In general I strongly approve of having CAA checks for all forms of
issuance. However, this version of CAA (implemented as a new second layer
hidden service descriptor) requires the CA to operate a Tor Client in order
to inspect it. This (in my opinion) completely obviates the benefits of the
proposed "onion-csr-01" method (equivalent to the current BRs Appendix B
2.b. method) -- namely that the whole validation process can be conducted
without the CA operating a Tor client to reach out to the onion service in
question. I believe that requiring CAA checks *of this form* will prevent
adoption / implementation by CAs, and thus defeats the purpose of the draft.

Aaron

On Thu, Jul 27, 2023 at 10:40 AM Tim Hollebeek via Servercert-wg <
servercert-wg@cabforum.org> wrote:

> Hello Q,
>
> My opinion is that this would be a great discussion to have at an upcoming
> meeting of the Validation Subcommittee.
>
> -Tim
>
> *From:* Servercert-wg *On Behalf Of* Dean Coclin via Servercert-wg
> *Sent:* Wednesday, July 26, 2023 7:22 PM
> *To:* servercert-wg@cabforum.org
> *Subject:* [Servercert-wg] Message
>
> One of the new Interested Party members tried to post to the group but it
> bounced. I’ve asked Wayne to look at it but in the meantime, I’m reposting
> the message for him:
>
> I'd like to start some discussion on the WG's opinions of CAA for Tor
> hidden services, using my draft-ietf-acme-onion
> <https://e.as207960.net/w4bdyj/cNl2iFrs>
> and my Tor Spec proposal 343-rend-caa
> <https://e.as207960.net/w4bdyj/YAae97pn>,
> as part of the ACME for Onions
> <https://e.as207960.net/w4bdyj/wi4TBMXN>
> project.
>
> Specifically:
>
> - is this something the WG likes?
> - should CAA checking be required for Tor?
>
> Thanks,
>
> Q Misell
>
> ___
> Servercert-wg mailing list
> Servercert-wg@cabforum.org
> https://lists.cabforum.org/mailman/listinfo/servercert-wg


Re: [Servercert-wg] Message

2023-07-27 Thread Tim Hollebeek via Servercert-wg
Hello Q,

My opinion is that this would be a great discussion to have at an upcoming 
meeting of the Validation Subcommittee.

-Tim

From: Servercert-wg On Behalf Of Dean Coclin via Servercert-wg
Sent: Wednesday, July 26, 2023 7:22 PM
To: servercert-wg@cabforum.org
Subject: [Servercert-wg] Message

One of the new Interested Party members tried to post to the group but it 
bounced. I've asked Wayne to look at it but in the meantime, I'm reposting the 
message for him:

I'd like to start some discussion on the WG's opinions of CAA for Tor hidden
services, using my
draft-ietf-acme-onion <https://e.as207960.net/w4bdyj/cNl2iFrs>
and my Tor Spec proposal
343-rend-caa <https://e.as207960.net/w4bdyj/YAae97pn>,
as part of the ACME for
Onions <https://e.as207960.net/w4bdyj/wi4TBMXN>
project.

Specifically:
- is this something the WG likes?
- should CAA checking be required for Tor?


Thanks,
Q Misell


[Servercert-wg] Message

2023-07-26 Thread Dean Coclin via Servercert-wg
One of the new Interested Party members tried to post to the group but it
bounced. I've asked Wayne to look at it but in the meantime, I'm reposting
the message for him:

 

I'd like to start some discussion on the WG's opinions of CAA for Tor hidden
services, using my draft-ietf-acme-onion and my Tor Spec proposal
343-rend-caa, as part of the ACME for Onions project.

 

Specifically:

- is this something the WG likes?
- should CAA checking be required for Tor?

Thanks,

Q Misell