Re: [Acme] Proposed ACME Charter Language
Russ Housley <housley@vigilsec.com> Sat, 25 April 2015 21:46 UTC
Return-Path: <housley@vigilsec.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 39D641A9118 for <acme@ietfa.amsl.com>; Sat, 25 Apr 2015 14:46:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.5
X-Spam-Level:
X-Spam-Status: No, score=-100.5 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PJlkuS3GtAnl for <acme@ietfa.amsl.com>; Sat, 25 Apr 2015 14:46:51 -0700 (PDT)
Received: from odin.smetech.net (x-bolt-wan.smeinc.net [209.135.219.146]) by ietfa.amsl.com (Postfix) with ESMTP id 6B8441AC3CC for <acme@ietf.org>; Sat, 25 Apr 2015 14:46:51 -0700 (PDT)
Received: from localhost (unknown [209.135.209.5]) by odin.smetech.net (Postfix) with ESMTP id B1BC99A400D for <acme@ietf.org>; Sat, 25 Apr 2015 17:46:40 -0400 (EDT)
X-Virus-Scanned: amavisd-new at smetech.net
Received: from odin.smetech.net ([209.135.209.4]) by localhost (ronin.smeinc.net [209.135.209.5]) (amavisd-new, port 10024) with ESMTP id OovhCJiilyuf for <acme@ietf.org>; Sat, 25 Apr 2015 17:46:19 -0400 (EDT)
Received: from [192.168.2.100] (pool-96-255-145-93.washdc.fios.verizon.net [96.255.145.93]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by odin.smetech.net (Postfix) with ESMTP id A5A499A4009 for <acme@ietf.org>; Sat, 25 Apr 2015 17:46:19 -0400 (EDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Apple Message framework v1085)
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <28919F11-9336-41F6-9922-4E3E2DC4E935@gmail.com>
Date: Sat, 25 Apr 2015 17:46:08 -0400
Content-Transfer-Encoding: 7bit
Message-Id: <BD7B96B1-CD50-408F-AA06-49C20AB102A6@vigilsec.com>
References: <6A9C3116-8CC9-472C-8AA8-F555D060834C@vigilsec.com> <55351EAB.1060905@cs.tcd.ie> <E81896AA-245F-48B7-9B38-86AC30D2F82A@vigilsec.com> <553523E4.2090808@cs.tcd.ie> <84718B26-1DA3-4D46-8B6F-B615806229D7@vigilsec.com> <CABcZeBOy2yBEMGMxcDy=E3fvc+OF1sZfvOV7twJHAvKqtrxtLg@mail.gmail.com> <28919F11-9336-41F6-9922-4E3E2DC4E935@gmail.com>
To: IETF ACME <acme@ietf.org>
X-Mailer: Apple Mail (2.1085)
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/0N3Bb4fD91ioLVTim3AUH1IBnDw>
Subject: Re: [Acme] Proposed ACME Charter Language
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 25 Apr 2015 21:46:53 -0000
Here is the currrent language ... Russ = = = = = = = = = = Automated Certificate Management Environment (ACME) Historically, issuance of certificates for Internet applications (e.g., web servers) has involved many manual identity validation steps by the certification authority (CA). The ACME WG will specify conventions for automated X.509 certificate management, including validation of control over an identifier, certificate issuance, certificate renewal, and certificate revocation. The initial focus of the ACME WG will be on domain name certificates (as used by web servers), but other uses of certificates can be considered as work progresses. ACME certificate management must allow the CA to verify, in an automated manner, that the party requesting a certificate has authority over the requested identifiers, including the subject and subject alternative names. The processing must also confirm that the requesting party has access to the private key that corresponds to the public key that will appear in the certificate. All of the processing must be done in a manner that is compatible with common service deployment environments, such as hosting environments. ACME certificate management must, in an automated manner, allow a party that has previously requested a certificate to subsequently request revocation of that certificate. In order to facilitate deployment by CAs, the ACME protocol must be compatible with common industry standards for the operation of a CA, for example the CA/Browser Forum Baseline Requirements [0]. The starting point for ACME WG discussions shall be draft-barnes-acme. [0] https://cabforum.org/wp-content/uploads/BRv1.2.3.pdf
- [Acme] Proposed ACME Charter Language Russ Housley
- Re: [Acme] Proposed ACME Charter Language Stephen Farrell
- Re: [Acme] Proposed ACME Charter Language Salz, Rich
- Re: [Acme] Proposed ACME Charter Language Russ Housley
- Re: [Acme] Proposed ACME Charter Language Stephen Farrell
- Re: [Acme] Proposed ACME Charter Language Russ Housley
- Re: [Acme] Proposed ACME Charter Language Stephen Farrell
- Re: [Acme] Proposed ACME Charter Language Russ Housley
- Re: [Acme] Proposed ACME Charter Language Stephen Farrell
- Re: [Acme] Proposed ACME Charter Language Russ Housley
- Re: [Acme] Proposed ACME Charter Language Stephen Farrell
- Re: [Acme] Proposed ACME Charter Language hallam
- Re: [Acme] Proposed ACME Charter Language Eric Rescorla
- Re: [Acme] Proposed ACME Charter Language Russ Housley
- Re: [Acme] Proposed ACME Charter Language Songhaibin (A)
- Re: [Acme] Proposed ACME Charter Language Anders Rundgren
- Re: [Acme] Proposed ACME Charter Language Dr. Pala
- Re: [Acme] Proposed ACME Charter Language Ben Laurie
- Re: [Acme] Proposed ACME Charter Language Salz, Rich
- Re: [Acme] Proposed ACME Charter Language Bernd Eckenfels
- [Acme] PKIX "standards" Re: Proposed ACME Charter… Anders Rundgren
- Re: [Acme] Proposed ACME Charter Language Ted Hardie
- Re: [Acme] Proposed ACME Charter Language Russ Housley
- Re: [Acme] Proposed ACME Charter Language Salz, Rich
- Re: [Acme] Proposed ACME Charter Language Russ Housley
- Re: [Acme] Proposed ACME Charter Language Ted Hardie
- Re: [Acme] Proposed ACME Charter Language Kathleen Moriarty
- Re: [Acme] Proposed ACME Charter Language Russ Housley
- Re: [Acme] Proposed ACME Charter Language Randy Bush
- Re: [Acme] Proposed ACME Charter Language Ted Hardie
- Re: [Acme] Proposed ACME Charter Language Martin Thomson
- Re: [Acme] Proposed ACME Charter Language Salz, Rich
- Re: [Acme] Proposed ACME Charter Language Randy Bush
- Re: [Acme] Proposed ACME Charter Language Ted Hardie
- Re: [Acme] Proposed ACME Charter Language Ted Hardie
- Re: [Acme] Proposed ACME Charter Language Randy Bush
- Re: [Acme] Proposed ACME Charter Language Ted Hardie
- Re: [Acme] Proposed ACME Charter Language Martin Thomson
- Re: [Acme] Proposed ACME Charter Language Russ Housley
- Re: [Acme] Proposed ACME Charter Language Peter Eckersley
- Re: [Acme] Proposed ACME Charter Language Phillip Hallam-Baker
- Re: [Acme] Proposed ACME Charter Language Richard Barnes
- Re: [Acme] Proposed ACME Charter Language Joseph Lorenzo Hall
- Re: [Acme] Proposed ACME Charter Language Richard Barnes
- Re: [Acme] Proposed ACME Charter Language Ted Hardie
- Re: [Acme] Proposed ACME Charter Language Russ Housley
- Re: [Acme] Proposed ACME Charter Language Daniel Kahn Gillmor
- Re: [Acme] Proposed ACME Charter Language Paul Winkeler
- Re: [Acme] Proposed ACME Charter Language Joseph Lorenzo Hall
- Re: [Acme] Proposed ACME Charter Language Michael Ströder