Re: [Acme] Proposed ACME Charter Language

Stephen Farrell <stephen.farrell@cs.tcd.ie> Mon, 20 April 2015 15:43 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E41D31B2F13 for <acme@ietfa.amsl.com>; Mon, 20 Apr 2015 08:43:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.21
X-Spam-Level:
X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id trfay6weso0C for <acme@ietfa.amsl.com>; Mon, 20 Apr 2015 08:43:44 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F18801B2F09 for <acme@ietf.org>; Mon, 20 Apr 2015 08:43:43 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 24279BE88; Mon, 20 Apr 2015 16:43:41 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Nn1rXF8_nnwZ; Mon, 20 Apr 2015 16:43:40 +0100 (IST)
Received: from [10.87.48.73] (unknown [86.46.17.62]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 03D86BE7C; Mon, 20 Apr 2015 16:43:40 +0100 (IST)
Message-ID: <55351EAB.1060905@cs.tcd.ie>
Date: Mon, 20 Apr 2015 16:43:39 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.6.0
MIME-Version: 1.0
To: Russ Housley <housley@vigilsec.com>, IETF ACME <acme@ietf.org>
References: <6A9C3116-8CC9-472C-8AA8-F555D060834C@vigilsec.com>
In-Reply-To: <6A9C3116-8CC9-472C-8AA8-F555D060834C@vigilsec.com>
OpenPGP: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/1p0uXEb4GCLjTab8JwqzhBprdvA>
Subject: Re: [Acme] Proposed ACME Charter Language
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Apr 2015 15:43:46 -0000

Hi Russ,

This bit puzzles me a lot, other bits puzzle me a little:-)

On 20/04/15 16:23, Russ Housley wrote:
> The ACME WG will not duplicate work from previous IETF
> certificate management efforts. 

If accepted, that would seem to me to nullify the entire
effort. Can you explain why I'm reading it wrong?

ACME absolutely will duplicate work from previous IETF
certificate management efforts that have failed to get
traction over the last decade and a half. That is entirely
fine IMO and needs no explicit justification whatsoever
since we have 15 years of crystal clear non-use, outside
of niche environments. (It is true that what is now
considered a niche was not so considered back then.)

In fact I believe anyone who claims such duplication is a
problem should be the one to provide evidence for that by
documenting exactly why and at what scale.

It is just not credible for us to pretend that CMC, CMP,
or EST are widely used for certificate management on the
public Internet. If I'm wrong there I would really love
to see the evidence but absent such, duplicating bits of
functionality present in current RFCs that are not at all
widely used is what is needed for this effort and needs
to be encouraged.

I think we really ought bottom out on this aspect before
chartering - it'd be dumb of us to charter an ACME WG that
has to fight all the CRMF battles over again, or the ASN.1
vs. whatever issues. So I hope lots of voices chime in
and say what they think.

S.