Re: [Acme] kinds of proof
Eric Rescorla <ekr@rtfm.com> Fri, 28 November 2014 15:50 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 83EF91A00CF for <acme@ietfa.amsl.com>; Fri, 28 Nov 2014 07:50:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SZwzhv6KVU5a for <acme@ietfa.amsl.com>; Fri, 28 Nov 2014 07:50:36 -0800 (PST)
Received: from mail-wg0-f47.google.com (mail-wg0-f47.google.com [74.125.82.47]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4DB0D1A002F for <acme@ietf.org>; Fri, 28 Nov 2014 07:50:17 -0800 (PST)
Received: by mail-wg0-f47.google.com with SMTP id n12so9085656wgh.6 for <acme@ietf.org>; Fri, 28 Nov 2014 07:50:16 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=KxYR0cMlnOMYzsPpRdDpbN7cb5VUBIvpl0yMORtsJgM=; b=QTU9cTZCdTJfI3zSBLb5ZPS4meVbL/JUWK0czJq8UA6I+3+waQLwnPX8aWsNMd3lVr zUPBVdCUepCScAVtlRvWn7U9jfDBdHGoRjDJDvh/OUw3kvSGUpY8NvOHNUL6Yhq577A2 H+HnH8nqWXTGC+IjXLPIsuOp5ED56xhVb4LCNuO5YGXqxnJZ4OLFgXosRugQZZ1Nu3mx 3KgQD/j7ngqLS7BLqj9CZSwj1fmbk25KzbogmS4+q+4P47rA3KA1zdYsCLbX09Fqztha CyBzVFEa1MoDTS1MgOEAvPCSgRt+MmUERnpLakUc9RFh0x8kw39DLWTTP4cAVcWiIEGM wwFA==
X-Gm-Message-State: ALoCoQnbjdGHLsOL49/GTWcdEN4jvIQoR4zqYXWEyhBqN2Ghr5GIaoJRcN8UC+1CAMlqsBbIJVKb
X-Received: by 10.180.96.41 with SMTP id dp9mr53138353wib.13.1417189816058; Fri, 28 Nov 2014 07:50:16 -0800 (PST)
MIME-Version: 1.0
Received: by 10.27.130.34 with HTTP; Fri, 28 Nov 2014 07:49:35 -0800 (PST)
In-Reply-To: <1F442BA7-C7D4-49AD-AA9D-49B86B39159D@vpnc.org>
References: <AD5940AA-6F01-4D0E-A4E0-19AEA56BBED3@vpnc.org> <CAL02cgTgpjQffow2XuaNuT7BtqYVttXdVUgyqBFbsAbN4g0VzQ@mail.gmail.com> <DEC7A8A8-563D-41B3-94AC-71DC7219D3F8@cisco.com> <m27fyg4yzg.wl%randy@psg.com> <547754C0.9050306@cs.tcd.ie> <20141127211348.GE25114@mournblade.imrryr.org> <54784C61.2080508@cs.tcd.ie> <1F442BA7-C7D4-49AD-AA9D-49B86B39159D@vpnc.org>
From: Eric Rescorla <ekr@rtfm.com>
Date: Fri, 28 Nov 2014 07:49:35 -0800
Message-ID: <CABcZeBMCgqiMRuC+7hON9O+16vHKTEwF=-KR2CoA_CG0ZA0ZYA@mail.gmail.com>
To: Paul Hoffman <paul.hoffman@vpnc.org>
Content-Type: multipart/alternative; boundary="f46d043bdc5890d4040508ed378f"
Archived-At: http://mailarchive.ietf.org/arch/msg/acme/-9UBVRuneymYaCYmD4wb_iIiphc
Cc: acme@ietf.org, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [Acme] kinds of proof
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Nov 2014 15:50:38 -0000
On Fri, Nov 28, 2014 at 7:32 AM, Paul Hoffman <paul.hoffman@vpnc.org> wrote: > On Nov 28, 2014, at 2:20 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie> > wrote: > > Yep. Fully agree about DV. But DV isn't the only kind of > > validation I'd like to be supported here. > > > > I'd like if it were possible to extend that to include cases > > where one has control over the web server, but not the DNS. > > Those two paragraphs don't really go together. You absolutely can do DV in > cases where you don't have control over the DNS; that's basically how all > web certificate enrollment happens today. To put a slightly finer point on it, web validation is extremely useful in cases where you only have loose control over the DNS. -Ekr > --Paul Hoffman > _______________________________________________ > Acme mailing list > Acme@ietf.org > https://www.ietf.org/mailman/listinfo/acme >
- [Acme] ACME or EST? Paul Hoffman
- Re: [Acme] ACME or EST? Richard Barnes
- Re: [Acme] ACME or EST? Joe Hildebrand (jhildebr)
- Re: [Acme] ACME or EST? Richard Barnes
- Re: [Acme] ACME or EST? Nico Williams
- Re: [Acme] ACME or EST? Paul Hoffman
- Re: [Acme] ACME or EST? Tony Arcieri
- Re: [Acme] ACME or EST? Paul Hoffman
- Re: [Acme] ACME or EST? Tony Arcieri
- Re: [Acme] ACME or EST? Phillip Hallam-Baker
- Re: [Acme] ACME or EST? Michael Jenkins
- Re: [Acme] ACME or EST? Stephen Farrell
- [Acme] first order requirement - suitable as an o… Stephen Farrell
- Re: [Acme] ACME or EST? Salz, Rich
- Re: [Acme] ACME or EST? Nico Williams
- Re: [Acme] ACME or EST? Nico Williams
- Re: [Acme] ACME or EST? Randy Bush
- Re: [Acme] ACME or EST? Joe Hildebrand (jhildebr)
- Re: [Acme] ACME or EST? Stephen Farrell
- Re: [Acme] ACME or EST? Phillip Hallam-Baker
- Re: [Acme] ACME or EST? Viktor Dukhovni
- Re: [Acme] ACME or EST? Christian Huitema
- [Acme] ACME or EST? Tony Arcieri
- Re: [Acme] ACME or EST? Phillip Hallam-Baker
- Re: [Acme] ACME or EST? Christian Huitema
- [Acme] kinds of proof (was: Re: ACME or EST?) Stephen Farrell
- Re: [Acme] kinds of proof (was: Re: ACME or EST?) Phillip Hallam-Baker
- Re: [Acme] kinds of proof Stephen Farrell
- Re: [Acme] kinds of proof Salz, Rich
- Re: [Acme] kinds of proof Paul Hoffman
- Re: [Acme] kinds of proof Eric Rescorla
- Re: [Acme] ACME or EST? Eliot Lear
- Re: [Acme] kinds of proof (was: Re: ACME or EST?) Viktor Dukhovni
- Re: [Acme] kinds of proof Phillip Hallam-Baker
- Re: [Acme] kinds of proof Paul Hoffman
- Re: [Acme] kinds of proof Paul Hoffman
- Re: [Acme] ACME or EST? Nico Williams
- Re: [Acme] kinds of proof Viktor Dukhovni
- Re: [Acme] kinds of proof Paul Hoffman
- Re: [Acme] kinds of proof Nico Williams
- Re: [Acme] kinds of proof Paul Hoffman
- Re: [Acme] ACME or EST? Randy Bush
- Re: [Acme] kinds of proof Randy Bush
- Re: [Acme] ACME or EST? Richard Barnes
- Re: [Acme] ACME or EST? Randy Bush
- Re: [Acme] kinds of proof Viktor Dukhovni
- Re: [Acme] kinds of proof Paul Hoffman
- Re: [Acme] kinds of proof Viktor Dukhovni
- Re: [Acme] kinds of proof Paul Hoffman
- Re: [Acme] kinds of proof Tony Arcieri
- Re: [Acme] kinds of proof Eric Mill
- Re: [Acme] kinds of proof Randy Bush
- Re: [Acme] kinds of proof Peter Bowen
- Re: [Acme] kinds of proof Christian Huitema
- Re: [Acme] kinds of proof Viktor Dukhovni
- Re: [Acme] kinds of proof Peter Bowen
- Re: [Acme] kinds of proof Paul Hoffman
- Re: [Acme] kinds of proof Peter Bowen
- Re: [Acme] kinds of proof Paul Hoffman
- Re: [Acme] kinds of proof Phillip Hallam-Baker
- Re: [Acme] kinds of proof Trevor Freeman
- Re: [Acme] kinds of proof Randy Bush
- Re: [Acme] kinds of proof Martin Thomson