Differing description of {DVSNI, DNS} validation mechanism in 7.2, 9.2 #211

Closed
Hainish opened this issue Aug 1, 2015 · 1 comment

Comments


Hainish commented Aug 1, 2015

Simple HTTP: The value provided in the validation request is signed by the account private key.
DVSNI: The validation TLS request uses the account key pair as the server’s key pair.
DNS: The MAC covers the account key, and the MAC key is derived from an ECDH public key signed with the account private key.

This is not the way the spec describes DVSNI validation. Is this from an older version? Section 7.2 indicates that DVSNI responds to the provisioned SNI resource with JWS within the HTTP body. Following this, it should read:

Simple HTTP & DVSNI: The value provided in the validation request is signed by the account private key.
DNS: The signature in the DNS response is generated using the account private key.

Contributor

cpu commented Apr 4, 2017

This repository is deprecated & unmaintained. Closing this issue. If applicable, please move discussion to the replacement IETF-owned repo and the mailing list.

cpu closed this as completed Apr 4, 2017