Re: [Acme] scope in dns-account-01 and dns-02 challenge

2024-03-31 Thread Ilari Liusvaara
On Thu, Mar 21, 2024 at 11:44:22AM -0700, Jacob Hoffman-Andrews wrote: > Ilari, you've posted some useful extrapolations on how domain scopes could > work. I'm proposing to get rid of domain scopes. :D To get us on the same > page, would you mind posting some of the specific use cases you're > envi

Re: [Acme] scope in dns-account-01 and dns-02 challenge

2024-03-21 Thread Amir Omidi
Accidentally sent this as a private reply earlier. First, I don't want the BR process to drive the IETF process. I've been mostly avoiding really thinking about the BRs with this draft. Especially since participation here feels a lot simpler and democratic than it does at CA/B. Regarding my resis

Re: [Acme] scope in dns-account-01 and dns-02 challenge

2024-03-21 Thread Jacob Hoffman-Andrews
Ilari, you've posted some useful extrapolations on how domain scopes could work. I'm proposing to get rid of domain scopes. :D To get us on the same page, would you mind posting some of the specific use cases you're envisioning where domain scopes would be used in an ACME environment? My existing b

Re: [Acme] scope in dns-account-01 and dns-02 challenge

2024-03-21 Thread Jacob Hoffman-Andrews
On Wed, Mar 20, 2024 at 5:57 PM Amir Omidi wrote: > I feel like splitting this challenge into three (and potentially more, as > extra scopes may or may not be added into the future) might be a little too > noisy. > Combined with my other proposals, we only wind up with two total challenge types:

Re: [Acme] scope in dns-account-01 and dns-02 challenge

2024-03-21 Thread Ilari Liusvaara
On Wed, Mar 20, 2024 at 08:57:11PM -0400, Amir Omidi wrote: > I do think that this draft can do a better job describing the scope. I > think we should make it more explicit for the client to understand which > one will be used. I feel like splitting this challenge into three (and > potentially more

Re: [Acme] scope in dns-account-01 and dns-02 challenge

2024-03-20 Thread Amir Omidi
I do think that this draft can do a better job describing the scope. I think we should make it more explicit for the client to understand which one will be used. I feel like splitting this challenge into three (and potentially more, as extra scopes may or may not be added into the future) might be

Re: [Acme] scope in dns-account-01 and dns-02 challenge

2024-03-19 Thread Jacob Hoffman-Andrews
Seo Suchan said: > Would it be illegal to server probe both scope and pass if there is intended token? This is a possibility, but it's inefficient and I think it's likely to lead to implementation bugs. Better to be clear and explicit on both sides. Amir Omidi said: > My intention that I should p

Re: [Acme] scope in dns-account-01 and dns-02 challenge

2024-03-19 Thread Ilari Liusvaara
On Mon, Mar 18, 2024 at 04:03:07PM -0700, Jacob Hoffman-Andrews wrote: > Thanks, authors, for the updates in > https://datatracker.ietf.org/doc/html/draft-ietf-acme-scoped-dns-challenges-00 > . > > Adding a "scope" (host, wildcard, or subdomain) to the DNS record name is > great. Reading the draft

Re: [Acme] scope in dns-account-01 and dns-02 challenge

2024-03-18 Thread Amir Omidi
> I think it doesn't specify how the scope for a given challenge is decided and communicated. Great point. My intention that I should probably clarify in the draft is that the server picks based on the Authorization object: - If wildcard: true on the authorization object associated with the

Re: [Acme] scope in dns-account-01 and dns-02 challenge

2024-03-18 Thread Seo Suchan
Would it be illegal to server probe both scope and pass if there is intended token? On March 19, 2024, 8:03:07 AM GMT+09:00, Jacob Hoffman-Andrews wrote: >Thanks, authors, for the updates in >https://datatracker.ietf.org/doc/html/draft-ietf-acme-scoped-dns-challenges-00 >. > >Adding a "scope" (ho