I prefer the RFC 6844-bis interpretation, but I note that this is not
compliant with the Baseline Requirements, which mandate RFC 6844.  It's not
clear what that means though since as you correctly note, RFC 6844
contradicts itself on this point.

I would support fixing the baseline requirements along the lines of what we
did for errata 5065.

-Tim

> -----Original Message-----
> From: Acme [mailto:acme-boun...@ietf.org] On Behalf Of Jacob Hoffman-Andrews
> Sent: Monday, July 9, 2018 8:57 PM
> To: Roland Shoemaker <rol...@letsencrypt.org>; acme@ietf.org
> Cc: Hugo Landau <hlan...@devever.net>
> Subject: Re: [Acme] Handling non-conformant CAA property names in ACME-CAA
>
> There's a similar issue for parameters: RFC 6844 section 3 says each
> name-value pair is separated by a semicolon:
>
> https://tools.ietf.org/html/rfc6844#section-3
>  >    issue <Issuer Domain Name> [; <name>=<value> ]* :  The issue property
>
> RFC 6844 section 5.2 says each name-value pair is separated by a space:
>
> https://tools.ietf.org/html/rfc6844#section-5.2
>  >    issuevalue  = space [domain] space [";" *(space parameter) space]
>
>
> For 6844-bis, in the LAMPS WG, we concluded that the latter was most likely
> an error in the ABNF, and that semicolons were preferable:
>
> https://tools.ietf.org/html/draft-ietf-lamps-rfc6844bis-00#section-5.2
>  >    parameters = (parameter *WSP ";" *WSP parameters) / parameter
>
>
> ACME-CAA's examples use semicolons:
>
> https://tools.ietf.org/html/draft-ietf-acme-caa-03#appendix-A
>  > example.com. IN CAA 0 issue "example.net; \
>  >     account-uri=https://example.net/account/1234; \
>  >     validation-methods=dns-01"
>
>
> We resolved the hyphen question on the basis of interoperability: Some DNS
> UIs rejected setting CAA records with hyphens in property names, so we did
> the simple thing and removed them.
>
> The semicolon question is not so easily solved. There is no unambiguous
> reading of RFC 6844, no reason to consider section 3 more normative than
> section 5.2 or vice versa.
>
> I have one piece of interop data: While Route53 rejected hyphens in property
> names, it accepts semicolons separating name-value pairs.
>
> My preference is for ACME-CAA to continue to follow the RFC 6844bis
> interpretation. What are others' thoughts?
>
> _______________________________________________
> Acme mailing list
> Acme@ietf.org
> https://www.ietf.org/mailman/listinfo/acme
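
The two readings discussed in this thread, as an added example (not part of the original messages and not code from the drafts or any CA): a small Python parser that applies the semicolon-separated rule and the space-separated rule to the same issue value. The function names, the accepted tag characters and the treatment of a value as any run of non-whitespace characters are assumptions made for the illustration.

```python
import re

# Constructed sample: the appendix A value quoted above, unwrapped onto one line.
SAMPLE = ("example.net; account-uri=https://example.net/account/1234; "
          "validation-methods=dns-01")

# Assumption: tag characters as used in the sample; a value is any run of
# non-whitespace characters.
_PARAM = re.compile(r"([A-Za-z0-9-]+)=(\S*)")


def _split_domain(value):
    """Separate the issuer domain from whatever follows the first ';'."""
    domain, _, rest = value.partition(";")
    return domain.strip(" \t"), rest.strip(" \t")


def _parse_params(chunks):
    params = {}
    for chunk in chunks:
        m = _PARAM.fullmatch(chunk)
        if m is None or m.group(1) in params:
            raise ValueError(f"malformed or duplicate parameter: {chunk!r}")
        params[m.group(1)] = m.group(2)
    return params


def parse_semicolon(value):
    """6844-bis reading: parameters separated by ';' with optional whitespace."""
    domain, rest = _split_domain(value)
    chunks = [c.strip(" \t") for c in rest.split(";")] if rest else []
    return domain, _parse_params(chunks)


def parse_space(value):
    """RFC 6844 section 5.2 reading: parameters separated by whitespace."""
    domain, rest = _split_domain(value)
    return domain, _parse_params(rest.split())


def readings(value):
    """Parse one value under both readings; report rejections as strings."""
    out = {}
    for name, fn in (("semicolon", parse_semicolon), ("space", parse_space)):
        try:
            out[name] = fn(value)
        except ValueError as exc:
            out[name] = f"rejected: {exc}"
    return out
```

On the sample, the space reading keeps the trailing `;` inside the `account-uri` value, so the two readings yield different account URI strings for the same record. A record written with spaces between parameters is rejected outright by the semicolon reading.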
