Re: [Acme] [Errata Held for Document Update] RFC8555 (6843)

2024-01-11 Thread Rob Sayre
On Thu, Jan 11, 2024 at 7:15 PM Amir Omidi wrote: > There is nothing blocking .dev domains responding over http. To be > specific, a TLD can not block a protocol like that. > Right, but one should not expect to get a redirect response. The server shouldn't answer (many of them do, which is a

Re: [Acme] [Errata Held for Document Update] RFC8555 (6843)

2024-01-11 Thread Amir Omidi
There is nothing blocking .dev domains responding over http. To be specific, a TLD can not block a protocol like that. Amir Omidi (he/them) On Thu, Jan 11, 2024 at 22:13 Rob Sayre wrote: > It sounds like that's a bug or at least a discrepancy. > > .dev domains should never respond over HTTP.

Re: [Acme] [Errata Held for Document Update] RFC8555 (6843)

2024-01-11 Thread Rob Sayre
It sounds like that's a bug or at least a discrepancy. .dev domains should never respond over HTTP. The whole point is to avoid that initial request. thanks, Rob On Thu, Jan 11, 2024 at 7:10 PM Aaron Gable wrote: > This erratum changed "completed" to "initiated", so the document now >

Re: [Acme] [Errata Held for Document Update] RFC8555 (6843)

2024-01-11 Thread Aaron Gable
This erratum changed "completed" to "initiated", so the document now correctly allows redirects from HTTP to HTTPS. If you believe that challenges should be able to be initiated over HTTPS as well, this erratum is not the right place for that discussion. But perhaps more importantly, ACME Servers

Re: [Acme] [Errata Held for Document Update] RFC8555 (6843)

2024-01-11 Thread Seo Suchan
CA ignores HSTS: they aren't browsers, likewise they ignore certificate status of https page while validating too. On 2024-01-12 at 12:02 PM, Rob Sayre wrote: Hi, Is this one valid? https://www.rfc-editor.org/errata/eid6843 > the challenge must be initiated over HTTP, not HTTPS. What if the

Re: [Acme] [Errata Held for Document Update] RFC8555 (6843)

2024-01-11 Thread Rob Sayre
Hi, Is this one valid? https://www.rfc-editor.org/errata/eid6843 > the challenge must be initiated over HTTP, not HTTPS. What if the host is on a .dev domain? That should be in the HSTS preload list. thanks, Rob

[Acme] [Errata Held for Document Update] RFC8555 (6317)

2024-01-11 Thread RFC Errata System
The following errata report has been held for document update for RFC8555, "Automatic Certificate Management Environment (ACME)". -- You may review the report below and at: https://www.rfc-editor.org/errata/eid6317 --

[Acme] I-D Action: draft-ietf-acme-dtnnodeid-12.txt

2024-01-11 Thread internet-drafts
Internet-Draft draft-ietf-acme-dtnnodeid-12.txt is now available. It is a work item of the Automated Certificate Management Environment (ACME) WG of the IETF. Title: Automated Certificate Management Environment (ACME) Delay-Tolerant Networking (DTN) Node ID Validation Extension Author:

[Acme] [Errata Held for Document Update] RFC8555 (6843)

2024-01-11 Thread RFC Errata System
The following errata report has been held for document update for RFC8555, "Automatic Certificate Management Environment (ACME)". -- You may review the report below and at: https://www.rfc-editor.org/errata/eid6843 --