Re: [Acme] WG meeting at IETF 93

Phillip Hallam-Baker <> Wed, 01 July 2015 16:50 UTC

I would like to present OmniPublish, which is the protocol I was working on
before ACME came along.

It is not exactly the same as ACME but I think it is important to bear both
approaches in mind because we are going to end up requiring both and I
think they should both work in the same way and be implemented in the same

Consider SMTP and NNTP: they do different things, but they do them in the
same way. The protocols are very similar under the covers, which made it
easy to write mail/news readers.

ACME is a replacement for the CA interface. The reason I did not propose
doing that was that IETF has tried that on 3 separate occasions without
success to date and W3C has tried it once.

OmniPublish is designed as a meta-protocol that provides client
applications with a one-stop shop for all their network configuration and
credential needs.

When a Web Service starts up it needs to have a number of separate
configurations performed:

  * Get a WebPKI cert
  * Get DNS parameters entered
  * Open firewall ports
  * Register contact info in a directory (Jabber, etc)

Traditionally this information has to be hand-configured separately. And
this has major consequences for reliability. One of the main reasons I am
skeptical about DANE is that we have three levels of configuration that can
go wrong and today we expect all three to be done by hand: the DNSSEC
config, the DANE entries for the server and the server itself.

The only way I am going to trust that data is if those processes are
automated. Hence the idea behind OmniPublish.

On Tue, Jun 30, 2015 at 4:12 PM, Ted Hardie <> wrote:

> Just to bump this up on people's lists, Rich and I will put up a
> preliminary agenda next Monday.  If you want time for something other than
> draft-barnes-acme, please let us know.
> thanks,
> Ted and Rich
> On Fri, Jun 26, 2015 at 10:54 AM, Ted Hardie <> wrote:
>> Howdy,
>> As you've seen from the IESG announcement, ACME has been approved as a
>> working group, so our meeting in Prague will be as a working group rather
>> than a BoF.  The IETF agenda is still tentative, but we're currently
>> scheduled for Thursday, July 23rd, 15:20-17:20, in Karlin I/II.  (There is
>> still a chance that will change, though, so please do not tailor travel to
>> just that time frame!)
>> Our charter lists draft-barnes-acme as a starting point, and Rich and I
>> are asking the authors to produce an update for the meeting.  We expect
>> some of the working group time in Prague to be a document review/discussion
>> of that draft.
>> If you have other agenda items you'd like to request time for, please
>> send them to the list.
>> thanks,
>> Ted and Rich