Hi Q,

 

On 2024-09-06 at 03:06, Q Misell via tor-project wrote:

> Ah yes, that would've been useful to include.

> The ML is at https://mailman3.ietf.org/mailman3/lists/acme@ietf.org/

> 

> On Fri, 6 Sept 2024 at 02:08, Micah Anderson <micah@torproject.org> wrote:

> 

> Hi Q - can you give me a pointer to where the working group mailing list

> is, and I'll happily voice support for it.

> 

> micah

> 

> On 2024-09-03 16:45:59, Q Misell via tor-project wrote:

>>> The ACME for Onions

>>> (https://e.as207960.net/w4bdyj/ET9hZkhowQILSTGe Internet Draft is

>>> going through the Last Call on the IETF working group!

>> 

>> It'd be great if people could voice their support for the draft on

>> the working group mailing list to help get it over the line.

 

I will be glad to post something if it would be useful.  Though I've

looked at drafts of the RFC before, I hadn't been on the ACME mailing

list.  I've now joined and looked over recent discussion.

 

The message from Tomofumi Okubo on Aug 16 says that they wanted any

concerns voiced by Aug 28 and otherwise would assume no problems and

put it forward. Would it actually be helpful for someone who just

joined the list to say that they are in support of the draft being

adopted? Or would that actually look odd and be potentially

counterproductive? E.g. potentially cause people to take another

look when they were ready to move it along.

 

It seems like all the posts since Aug 16 were from insiders or

authoritative folk posting nits mostly about proper use of "should",

"must", "required", etc.

 

I could simply say that I have read the latest draft, including

responses to the nits raised since Aug 16 and am in favor of adoption.

(And is "adoption" the right word or does that have a technical

meaning in this context?) Would it be better to express such generic

support or would giving more specific reasons for my support be more

helpful?

 

If something specific about why I support the RFC would be helpful I

could say how I hope this will be adopted soon. There are many

positives, but I am most interested in securing association between

onion addresses and registered domains. There are already thousands of

domains using the current Onion-Location means of association, which

has some security limitations. Facilitating easier obtaining of TLS

certificates for onion addresses would be a helpful for making

significant improvements to the usability and security of onion

association. So I hope adoption of the standard moves that along.

 

Let me know if any of those options would be helpful (or if not let me

know that too), or give me suggestions if something different would be

more helpful.

 

SVV,

Paul