Re: [Acme] [Technical Errata Reported] RFC8555 (5732)

Fri, 23 Aug 2019 15:09:59 -0700

Hi, Erica from Certbot here. I'd love to see this get verified -- it seems impossible to implement the "retrying challenges" section as the spec currently stands. 

On 2019-05-23 02:46, RFC Errata System wrote:

The following errata report has been submitted for RFC8555,
"Automatic Certificate Management Environment (ACME)".

--------------------------------------
You may review the report below and at:
http://www.rfc-editor.org/errata/eid5732

--------------------------------------
Type: Technical
Reported by: Rob Stradling <[email protected]>

Section: 8

Original Text
-------------
A challenge object with an error MUST have status
equal to "invalid".

Corrected Text
--------------
A challenge object with an error MUST have status
equal to "processing" or "invalid".

Notes
-----
Section 8.2 says that 'The server MUST add an entry to the "error"
field in the challenge after each failed validation query'.  However,
if the challenge must then become "invalid", it is never possible to
retry any validation query (because "invalid" is a final state for a
challenge object).
This erratum is necessary to permit validation query retries to ever happen. 

Instructions:
-------------
This erratum is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party
can log in to change the status and edit the report, if necessary.

--------------------------------------
RFC8555 (draft-ietf-acme-acme-18)
--------------------------------------
Title : Automatic Certificate Management Environment (ACME) 
Publication Date    : March 2019
Author(s) : R. Barnes, J. Hoffman-Andrews, D. McCarney, J. Kasten 
Category            : PROPOSED STANDARD
Source              : Automated Certificate Management Environment
Area                : Security
Stream              : IETF
Verifying Party     : IESG

_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme


_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme

Reply via email to