[Acme] WGLC on draft-ietf-acme-star-delegation

Yoav Nir <ynir.ietf@gmail.com> Sat, 03 October 2020 21:35 UTC

Date: Sun, 04 Oct 2020 00:35:06 +0300
To: IETF ACME <acme@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/0iMBEyrwRyvQWEr9UmOhcNImdFQ>

Hello all

   This memo proposes a profile of the ACME protocol that allows the
   owner of an identifier (e.g., a domain name) to delegate to a third
   party access to a certificate associated with said identifier.  A
   primary use case is that of a CDN (the third party) terminating TLS
   sessions on behalf of a content provider (the owner of a domain
   name).  The presented mechanism allows the owner of the identifier to
   retain control over the delegation and revoke it at any time by
   cancelling the associated STAR certificate renewal with the ACME CA.
   Another key property of this mechanism is it does not require any
   modification to the deployed TLS ecosystem.

With this document having been discussed in the working group for almost two years, the authors and chairs believe that this document is ready for working group last call.

So this is to start a 2-week WGLC on this document. Please read the document and send comments to the list. Statements of support or opposition are also welcome, especially if accompanied by a technical explanation.

Send the comments to the list by EOD Monday 19-Oct-2020.

Rich & Yoav