Re: [Acme] example.com is used all over the draft
I strongly agree with those who do not want to open this can of worms at this time, but my preference for examples in future documents would be something like "example.com" for a generic domain name being validated (because the .com tends to evoke a generic end-user DNS name, for better or worse), while using things like "acme-server.example" for more specific server roles. The documents could even explicitly specify this convention (example.com or .net is a generic domain name being validated, anything .example is the name of a specific server acting in a particular role).

I think such an explicit enumeration of how various example names are used, and consistent use of such a naming policy would make many documents and examples much clearer.

-Tim

> -Original Message-
> From: Acme On Behalf Of Alan Doherty
> Sent: Thursday, September 20, 2018 11:08 AM
> To: Felipe Gasper; Kas
> Cc: acme@ietf.org
> Subject: Re: [Acme] example.com is used all over the draft
>
> or both
>
> From section 2 :
> "The CA verifies that the client controls the requested domain name(s) by having the ACME client perform some action(s) that can only be done with control of the domain name(s). For example, the CA might require a client requesting example.org to provision DNS record under requested-name.example.org or an HTTP resource under http://requested-name.example.org."
>
> I suggest to use "example.org" only for the client mentioned in section 2, while adding another identifier like "acmeserver.example.net" or "caserver.example.net" will enhance the readability of all these examples.
>
> thus differentiating the role.example.(org for request org, net for acme provider, com and others for other cases)
>
> thus both role(descriptive) and tld(consistent)
>
> so say a SAN example could be (to show domains don't have to be related)
> requested-name.example.org
> other-requested-name.example.com
>
> acmeserver.example.net
>
> At 14:02 20/09/2018 Thursday, Felipe Gasper wrote:
> > Are “acmeserver.com” or “caserver.com” reserved domains?
> >
> > What about:
> >
> > acme-client.example.com
> > acme-server.example.com
> >
> > ?
> >
> > -FG
> >
> > > On Sep 20, 2018, at 8:58 AM, Kas wrote:
> > >
> > > From section 2 :
> > > "The CA verifies that the client controls the requested domain name(s) by having the ACME client perform some action(s) that can only be done with control of the domain name(s). For example, the CA might require a client requesting example.com to provision DNS record under example.com or an HTTP resource under http://example.com."
> > >
> > > I suggest to use "example.com" only for the client mentioned in section 2, while adding another identifier like "acmeserver.com" or "caserver.com" will enhance the readability of all these examples.

___
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme
Re: [Acme] example.com is used all over the draft
or both

From section 2 :
"The CA verifies that the client controls the requested domain name(s) by having the ACME client perform some action(s) that can only be done with control of the domain name(s). For example, the CA might require a client requesting example.org to provision DNS record under requested-name.example.org or an HTTP resource under http://requested-name.example.org."

I suggest to use "example.org" only for the client mentioned in section 2, while adding another identifier like "acmeserver.example.net" or "caserver.example.net" will enhance the readability of all these examples.

thus differentiating the role.example.(org for request org, net for acme provider, com and others for other cases)

thus both role(descriptive) and tld(consistent)

so say a SAN example could be (to show domains don't have to be related)
requested-name.example.org
other-requested-name.example.com

acmeserver.example.net

At 14:02 20/09/2018 Thursday, Felipe Gasper wrote:
> Are “acmeserver.com” or “caserver.com” reserved domains?
>
> What about:
>
> acme-client.example.com
> acme-server.example.com
>
> ?
>
> -FG
>
> > On Sep 20, 2018, at 8:58 AM, Kas wrote:
> >
> > From section 2 :
> > "The CA verifies that the client controls the requested domain name(s) by having the ACME client perform some action(s) that can only be done with control of the domain name(s). For example, the CA might require a client requesting example.com to provision DNS record under example.com or an HTTP resource under http://example.com."
> >
> > I suggest to use "example.com" only for the client mentioned in section 2, while adding another identifier like "acmeserver.com" or "caserver.com" will enhance the readability of all these examples.
Re: [Acme] example.com is used all over the draft
* I can understand how something more evocative might be helpful, but at this point, I'm inclined to let it be.

I agree. Using subdomains of example.com in the examples will no doubt lead to some questioning why the domains aren’t totally different. It’s not perfect, but especially now, let’s not try to asymptotically approach that.
Re: [Acme] example.com is used all over the draft
The list of reserved names is here:

https://tools.ietf.org/html/rfc2606

I can understand how something more evocative might be helpful, but at this point, I'm inclined to let it be.

--Richard

On Thu, Sep 20, 2018 at 8:04 AM Felipe Gasper wrote:

> Are “acmeserver.com” or “caserver.com” reserved domains?
>
> What about:
>
> acme-client.example.com
> acme-server.example.com
>
> ?
>
> -FG
>
> > On Sep 20, 2018, at 8:58 AM, Kas wrote:
> >
> > From section 2 :
> > "The CA verifies that the client controls the requested domain name(s) by having the ACME client perform some action(s) that can only be done with control of the domain name(s). For example, the CA might require a client requesting example.com to provision DNS record under example.com or an HTTP resource under http://example.com."
> >
> > I suggest to use "example.com" only for the client mentioned in section 2, while adding another identifier like "acmeserver.com" or "caserver.com" will enhance the readability of all these examples.
Re: [Acme] example.com is used all over the draft
Are “acmeserver.com” or “caserver.com” reserved domains?

What about:

acme-client.example.com
acme-server.example.com

?

-FG

> On Sep 20, 2018, at 8:58 AM, Kas wrote:
>
> From section 2 :
> "The CA verifies that the client controls the requested domain name(s) by having the ACME client perform some action(s) that can only be done with control of the domain name(s). For example, the CA might require a client requesting example.com to provision DNS record under example.com or an HTTP resource under http://example.com."
>
> I suggest to use "example.com" only for the client mentioned in section 2, while adding another identifier like "acmeserver.com" or "caserver.com" will enhance the readability of all these examples.
[Acme] example.com is used all over the draft
From section 2 :
"The CA verifies that the client controls the requested domain name(s) by having the ACME client perform some action(s) that can only be done with control of the domain name(s). For example, the CA might require a client requesting example.com to provision DNS record under example.com or an HTTP resource under http://example.com."

I suggest to use "example.com" only for the client mentioned in section 2, while adding another identifier like "acmeserver.com" or "caserver.com" will enhance the readability of all these examples.