Hi Seo,

Thanks for the feedback.

I copy pasted the list of logs into my code from
https://github.com/google/certificate-transparency-community-site/blob/master/docs/google/known-logs.md,
it would probably be a good idea to delete the old logs.

The SERVFAIL response is non very clear, agreed. I'll improve my error
handling there.

In my testing, adding new records to the first layer descriptor doesn't
bother the current Tor project tor implementation (seemingly the only one
anyone ever uses).
I'm still working on patching the tor router to add support for defining
CAA but I'll definitely put up a few test services with different
configurations once that's done.

Thanks,
Q
------------------------------

Any statements contained in this email are personal to the author and are
not necessarily the statements of the company unless specifically stated.
AS207960 Cyfyngedig, having a registered office at 13 Pen-y-lan Terrace,
Caerdydd, Cymru, CF23 9EU, trading as Glauca Digital, is a company
registered in Wales under № 12417574
<https://find-and-update.company-information.service.gov.uk/company/12417574>.
ICO register №: ZA782876 <https://ico.org.uk/ESDWebPages/Entry/ZA782876>.
UK VAT №: GB378323867. EU VAT №: EU372013983. Turkish VAT №: 0861333524.
South Korean VAT №: 522-80-03080. Glauca Digital and the Glauca logo are
registered trademarks in the UK, under № UK00003718474 and № UK00003718468,
respectively.


On Sun, 23 Apr 2023 at 14:27, Seo Suchan <tjtn...@gmail.com> wrote:

> google's solera 2018~2022 are no longer accept new record. solera ct log
> is sharded by notafter day of incoming certificates, so only log able to
> use currently be 2023 (assume 90 day certificate)
>
> when I ran you client for onion-csr without having hosted onion hidden
> service, server returned caa servfail, not sure this is right response
> for such (not yet hosted) domain: NXdomain or dedicated error code looks
> better.
>
> not sure how one can add a format in first layer like in 5.3 without
> breaking old tor client implementations. could make a hidden service
> with caa-critical online?
>
> P.S didn't notice you already posted v 02 of this draft.
>
> 2023-04-21 오전 7:04에 Q Misell 이(가) 쓴 글:
> > Hi all,
> >
> > Thanks for all your feedback over my draft. I've incorporated your
> > comments into a new draft, and published this.
> >
> > I've also finished my reference implementation of the draft, more
> > details available at https://acmeforonions.org. I'd be delighted if
> > you'd try it out and let me know what you think.
> >
> > Thanks,
> > Q
> >
> > _______________________________________________
> > Acme mailing list
> > Acme@ietf.org
> > https://www.ietf.org/mailman/listinfo/acme
>
> _______________________________________________
> Acme mailing list
> Acme@ietf.org
> https://www.ietf.org/mailman/listinfo/acme
>
_______________________________________________
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme

Reply via email to