Hi Adam,
Thank you very much for your review.
On 02/10/2019, 02:22, "Adam Roach via Datatracker" wrote:
> §3.3:
>
> > o Intermediaries MAY insert or delete the value, but MUST ensure
> > that if present, the header value equals the corresponding
> > value within the credential.
>
> Thi
Adam Roach has entered the following ballot position for
draft-ietf-acme-star-09: Yes
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)
Please refer to https://www.ietf.o
Adam Roach has entered the following ballot position for
draft-ietf-acme-star-09: Discuss
Please refer to https://www.ie
At 16:25 01/10/2019 Tuesday, Warren Kumari via Datatracker wrote:
trimmed
>This is either a huge issue, or a complete non-event -- I'm not sure which -
>please help me understand / convince me I'm missing something.
imho non event
>Contrived, but simple example scenario: My local coffeeshop ru
On Tue, Oct 1, 2019 at 5:25 PM Warren Kumari wrote:
>
> On Tue, Oct 1, 2019 at 5:09 PM Ryan Sleevi wrote:
> >
> >
> >
> > On Tue, Oct 1, 2019 at 2:28 PM Warren Kumari wrote:
> >>
> >> > The second scenario you suggest is also something covered by 8555, if
> >> > the attacker is able to fully co
Warren Kumari has entered the following ballot position for
draft-ietf-acme-ip-08: No Objection
Please refer to https://
On Tue, Oct 1, 2019 at 5:20 PM Jacob Hoffman-Andrews wrote:
>
> It's important to note that automated validation of IP addresses for
> certificates is already a part of the Web PKI, but is not standardized.
> This protocol will standardize it, which I believe will make overall
> validation of IP
On Tue, Oct 1, 2019 at 5:09 PM Ryan Sleevi wrote:
>
>
>
> On Tue, Oct 1, 2019 at 2:28 PM Warren Kumari wrote:
>>
>> > The second scenario you suggest is also something covered by 8555, if the
>> > attacker is able to fully control the network, then they can control ACME.
>> > This is not just t
Thank you Roland for the added pieces of information
-éric
On 01/10/2019, 19:24, "Roland Shoemaker" wrote:
Hey Éric,
Thanks for the review. To answer your two questions:
1. Assuming you are referring to the “type” field of the standard ACME
identifier object the use of “
It's important to note that automated validation of IP addresses for
certificates is already a part of the Web PKI, but is not standardized.
This protocol will standardize it, which I believe will make overall
validation of IP addresses more secure, within the threat model that
Roland describe
On Tue, Oct 1, 2019 at 2:28 PM Warren Kumari wrote:
> > The second scenario you suggest is also something covered by 8555, if
> the attacker is able to fully control the network, then they can control
> ACME. This is not just the case for IP validation, if an attacker is able
> to hijack BGP rout
Hey all,
This revision addresses the comments made in the ARTART, GENART, and SECDIR
reviews as well as comments made by Benjamin Kaduk, Adam Roach, and Barry Leiba.
Thanks to all for their thorough reviews.
Roland
> On Oct 1, 2019, at 1:35 PM, internet-dra...@ietf.org wrote:
>
>
> A New Inte
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Automated Certificate Management Environment
WG of the IETF.
Title : ACME TLS ALPN Challenge Extension
Author : Roland Bracewell Shoemaker
Hey Martin,
Thanks for the thorough review, I agree with all of the suggestions and will be
incorporating the changes into the next revision. Following up on one point
about Section 7, I believe you may actually be thinking about another issue we
had with the http-01 ACME challenge. The issue h
On Tue, Oct 1, 2019 at 1:10 PM Roland Shoemaker wrote:
>
> Hey Warren,
>
> Thanks for the review of this document. Overall I don’t find the suggested
> scenario particularly compelling in terms of indicating any security problems
> with the suggested document. The threat model defined in 8555 in
Hey all,
This revision addresses comments by Adam Roach and Alexey Melnikov.
> On Oct 1, 2019, at 10:38 AM, internet-dra...@ietf.org wrote:
>
>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Automated Certificate Managemen
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Automated Certificate Management Environment
WG of the IETF.
Title : ACME IP Identifier Validation Extension
Author : Roland Bracewell Shoemaker
Hey Benjamin,
Thanks for the review, I’ve replied to your two comments inline:
> On Sep 30, 2019, at 6:06 PM, Benjamin Kaduk via Datatracker
> wrote:
>
> Benjamin Kaduk has entered the following ballot position for
> draft-ietf-acme-ip-07: Yes
>
> When responding, please keep the subject line
Hey Éric,
Thanks for the review. To answer your two questions:
1. Assuming you are referring to the “type” field of the standard ACME
identifier object the use of “ip” was thought to be a bit more verbose as to
what the identifier contained vs. “address”. There could be some confusion with
usi
Hey Warren,
Thanks for the review of this document. Overall I don’t find the suggested
scenario particularly compelling in terms of indicating any security problems
with the suggested document. The threat model defined in 8555 indicates that
ACME is not able to mitigate scenarios where an attac
Hi Warren,
Thanks for the review.
On 01/10/2019, 17:02, "Warren Kumari via Datatracker" wrote:
> Please review and address the comments in
> https://datatracker.ietf.org/doc/review-ietf-acme-star-06-opsdir-lc-ersue-2019-07-21/
> -- they are useful (and thanks to Mehmet for the review)
Mehmet'
Warren Kumari has entered the following ballot position for
draft-ietf-acme-star-09: No Objection
Please refer to https:
Warren Kumari has entered the following ballot position for
draft-ietf-acme-tls-alpn-06: No Objection
Please refer to ht
Warren Kumari has entered the following ballot position for
draft-ietf-acme-ip-07: Discuss
Please refer to https://www.i
Hi Roland,
> On 1 Oct 2019, at 01:32, Roland Shoemaker wrote:
>
> Thanks for the review. Good catch on the FQDN, this looks like it was just an
> error in the example. I’ll push up a revision addressing this.
Thank you. I will clear my DISCUSS.
>
>> On Sep 29, 2019, at 8:38 AM, Alexey Melniko
25 matches