Hi Alexey,

I think this is not a solution since all RFC ACME use example.com for ACME 
server, no need to be an exception for RFC8823.

Best Regards,

Richard Wang

From: Alexey Melnikov <[email protected]> 
Sent: Friday, May 5, 2023 10:13 PM
To: RFC Errata System <[email protected]>
Cc: [email protected]; [email protected]
Subject: Re: [Acme] [Editorial Errata Reported] RFC8823 (7508)

Hi,

On 05/05/2023 01:01, RFC Errata System wrote:

The following errata report has been submitted for RFC8823,
"Extensions to Automatic Certificate Management Environment for End-User S/MIME 
Certificates".
 
--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid7508
 
--------------------------------------
Type: Editorial
Reported by: Richard Wang <[email protected]>
 
Section: 3.1 and 3.2
 
Original Text
-------------
Figure 1:
  Message-ID: <[email protected]>
  From: [email protected]
  To: [email protected]

Figure 2:
   Message-ID: <[email protected]>
   In-Reply-To: <[email protected]>
   From: [email protected]
   To: [email protected]
 
Corrected Text
--------------
Figure 1:
  Message-ID: <[email protected]>
  From: [email protected]
  To: [email protected]

Figure 2:
   Message-ID: <[email protected]>
   In-Reply-To: <[email protected]>
   From: [email protected]
   To: [email protected]

I generally agree that there is a problem that email messages in Sections 3.1 
and 3.2 don't match the following challenge in Section 3:

    {
      "type": "email-reply-00",
      "url": "https://example.com/acme/chall/ABprV_B7yEyA4f",
      "from": "[email protected]",
      "token": "DGyRejmCefe7v4NfDGDKfA"
    }

However I propose an alternative fix that might be smaller. I suggest to change 
the above challenge in Section 3:

OLD:

    {
      "type": "email-reply-00",
      "url": "https://example.com/acme/chall/ABprV_B7yEyA4f",
      "from": "acme-challenge+2i211oi1204310@example.com",
      "token": "DGyRejmCefe7v4NfDGDKfA"
    }

NEW:

    {
      "type": "email-reply-00",
      "url": "https://example.org/acme/chall/ABprV_B7yEyA4f",
      "from": "acme-challenge+2i211oi1204310@example.org",
      "token": "DGyRejmCefe7v4NfDGDKfA"
    }

After this change example.org would be the ACME server domain and example.com 
would be the user domain.

Best Regards,

Alexey

Notes
-----
According to RFC8555, the domain example.com used for ACME server, the 
example.org used for the Client.
 
Instructions:
-------------
This erratum is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party  
can log in to change the status and edit the report, if necessary. 
 
--------------------------------------
RFC8823 (draft-ietf-acme-email-smime-14)
--------------------------------------
Title               : Extensions to Automatic Certificate Management Environment for End-User S/MIME Certificates
Publication Date    : April 2021
Author(s)           : A. Melnikov
Category            : INFORMATIONAL
Source              : Automated Certificate Management Environment
Area                : Security
Stream              : IETF
Verifying Party     : IESG
 
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
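
The mismatch discussed in this thread, between the challenge object and the example messages, can be checked mechanically. The following is an added example, not part of the original messages or of RFC 8823: the function names and the sample messages are constructed for illustration. It assumes the server-side addresses share the challenge URL's domain (as in the NEW proposal above) and that the reply goes to the challenge message's Reply-To or From address.

```python
import json
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

def addr(value):
    """Bare, lower-cased address from a header value or JSON string."""
    return parseaddr(value or "")[1].lower()

def domain(value):
    return addr(value).rpartition("@")[2]

def check_exchange(challenge_json, challenge_msg, reply_msg):
    """Return a list of inconsistencies; an empty list means consistent."""
    ch = json.loads(challenge_json)
    cm, rm = message_from_string(challenge_msg), message_from_string(reply_msg)
    problems = []
    if domain(ch["from"]) != urlsplit(ch["url"]).hostname:
        problems.append("challenge 'from' domain != challenge URL host")
    if domain(cm["From"]) != domain(ch["from"]):
        problems.append("challenge email From domain != challenge 'from' domain")
    if (rm["In-Reply-To"] or "").strip() != (cm["Message-ID"] or "").strip():
        problems.append("reply In-Reply-To != challenge Message-ID")
    if addr(rm["To"]) != addr(cm["Reply-To"] or cm["From"]):
        problems.append("reply To != challenge sender")
    if addr(rm["From"]) != addr(cm["To"]):
        problems.append("reply From != challenge recipient")
    return problems

def challenge(server):
    # Challenge object quoted in the thread, with the server domain as a parameter.
    return json.dumps({
        "type": "email-reply-00",
        "url": f"https://{server}/acme/chall/ABprV_B7yEyA4f",
        "from": f"acme-challenge+2i211oi1204310@{server}",
        "token": "DGyRejmCefe7v4NfDGDKfA",
    })

OLD, NEW = challenge("example.com"), challenge("example.org")
# Constructed sample messages (headers only), not the RFC's figures.
CHALLENGE_MSG = ("Message-ID: <constructed-challenge-1@example.org>\n"
                 "From: acme-challenge+2i211oi1204310@example.org\n"
                 "To: user@example.com\n\n")
REPLY_MSG = ("Message-ID: <constructed-reply-1@example.com>\n"
             "In-Reply-To: <constructed-challenge-1@example.org>\n"
             "From: user@example.com\n"
             "To: acme-challenge+2i211oi1204310@example.org\n\n")

if __name__ == "__main__":
    for name, ch in (("OLD", OLD), ("NEW", NEW)):
        print(name, check_exchange(ch, CHALLENGE_MSG, REPLY_MSG))
```

With the OLD challenge object the check reports the domain mismatch between the challenge object and the challenge email; with the NEW one the exchange is consistent.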
