Hello, I read over draft-ietf-acme-tls-alpn-00 and noticed two things: 1) Section 3 states, " If all of the above steps succeed then the validation is successful, otherwise it fails. Once the handshake has been completed the connection should be immediately closed and no further data should be exchanged". Perhaps I'm reading this too literally, but I think this is ambiguous, where "handshake" can mean either the TLS handshake in its entirety (such as sending ChangedCipherSpec/Finished messages, etc.) or if the connection should be terminated upon the client receiving the ServerHello message (which is the entirety of the "handshake" described in steps 1-3). I imagine the former is preferable, so the wording should perhaps explicitly specify "TLS handshake". 2) Section 5 (IANA considerations) has no mention of updating the IANA "Application-Layer Protocol Negotiation (ALPN) Protocol IDs" registry (https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids) with the new ALPN identifier "acme-tls/1". For consistency with other documents that define ALPN identifiers, "acme-tls/1" should probably be added to the registry.
Thanks, Corey Corey Bonnell Trustwave | SMART SECURITY ON DEMAND On 3/2/18, 9:35 PM, "Acme on behalf of [email protected]" <[email protected] on behalf of [email protected]> wrote: A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Automated Certificate Management Environment WG of the IETF. Title : ACME TLS ALPN Challenge Extension Author : Roland Bracewell Shoemaker Filename : draft-ietf-acme-tls-alpn-00.txt Pages : 7 Date : 2018-03-02 Abstract: This document specifies a new challenge for the Automated Certificate Management Environment (ACME) protocol which allows for domain control validation using TLS. The IETF datatracker status page for this draft is: https://scanmail.trustwave.com/?c=4062&d=3oma2gDctiWeny5cn5DkGORX4VGQZeWcDcJBnrjUUw&s=5&u=https%3a%2f%2fdatatracker%2eietf%2eorg%2fdoc%2fdraft-ietf-acme-tls-alpn%2f There are also htmlized versions available at: https://scanmail.trustwave.com/?c=4062&d=3oma2gDctiWeny5cn5DkGORX4VGQZeWcDcUSzejVAQ&s=5&u=https%3a%2f%2ftools%2eietf%2eorg%2fhtml%2fdraft-ietf-acme-tls-alpn-00 https://scanmail.trustwave.com/?c=4062&d=3oma2gDctiWeny5cn5DkGORX4VGQZeWcDZYWlLnWVQ&s=5&u=https%3a%2f%2fdatatracker%2eietf%2eorg%2fdoc%2fhtml%2fdraft-ietf-acme-tls-alpn-00 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at http://scanmail.trustwave.com/?c=4062&d=3oma2gDctiWeny5cn5DkGORX4VGQZeWcDcRGzujXDg&s=5&u=http%3a%2f%2ftools%2eietf%2eorg Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ _______________________________________________ Acme mailing list [email protected] https://scanmail.trustwave.com/?c=4062&d=3oma2gDctiWeny5cn5DkGORX4VGQZeWcDcJEnbHYBQ&s=5&u=https%3a%2f%2fwww%2eietf%2eorg%2fmailman%2flistinfo%2facme _______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
