Re: [Acme] ACME or EST?

Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 26 November 2014 01:25 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0B84F1A8759 for <acme@ietfa.amsl.com>; Tue, 25 Nov 2014 17:25:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fgr5D0vkgnBg for <acme@ietfa.amsl.com>; Tue, 25 Nov 2014 17:25:45 -0800 (PST)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id AE3AA1A874B for <acme@ietf.org>; Tue, 25 Nov 2014 17:25:45 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 9AFD6BED8; Wed, 26 Nov 2014 01:25:44 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pa6VD5b9xEMj; Wed, 26 Nov 2014 01:25:41 +0000 (GMT)
Received: from [10.87.48.5] (unknown [86.41.50.31]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 80892BED7; Wed, 26 Nov 2014 01:25:41 +0000 (GMT)
Message-ID: <54752C15.5060401@cs.tcd.ie>
Date: Wed, 26 Nov 2014 01:25:41 +0000
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0
MIME-Version: 1.0
To: Phillip Hallam-Baker <phill@hallambaker.com>, Richard Barnes <rlb@ipv.sx>
References: <AD5940AA-6F01-4D0E-A4E0-19AEA56BBED3@vpnc.org> <CAL02cgTgpjQffow2XuaNuT7BtqYVttXdVUgyqBFbsAbN4g0VzQ@mail.gmail.com> <CAMm+Lwje44G2CZLfYJQAAR41CBw7+SCZNwdNPy+zO-VOeHZvkw@mail.gmail.com>
In-Reply-To: <CAMm+Lwje44G2CZLfYJQAAR41CBw7+SCZNwdNPy+zO-VOeHZvkw@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/acme/2FWCZEiNmJTBGJ5thz0agoPyS_c
Cc: acme@ietf.org, Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: [Acme] ACME or EST?
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Nov 2014 01:25:48 -0000


On 26/11/14 00:34, Phillip Hallam-Baker wrote:
> How about XKMS? It has much less ASN.1, its all angle brackets.
> 
> Stephen F. knows about it, he was the WG chair.

I'd put that down as approx. valiant, failed, attempt #4 at
cert mgmt. Ah well:-)

S.

> 
> 
> Less ASN.1 is always good.
> 
> 
> On Tue, Nov 25, 2014 at 4:55 PM, Richard Barnes <rlb@ipv.sx> wrote:
>> A few things off the top of my head:
>>
>> * If nothing else, much less ASN.1.  (Cf. JOSE vs. CMS)
>> * Support for other certificate management functions, e.g., revocation
>> * Validation of possession of identifiers
>> * Cleaner use of HTTP
>>
>>
>>
>> On Tue, Nov 25, 2014 at 4:41 PM, Paul Hoffman <paul.hoffman@vpnc.org> wrote:
>>>
>>> Greetings again. The abstract of the ACME pre-draft at
>>> https://github.com/letsencrypt/acme-spec (which Richard will hopefully
>>> publish as a real draft soon) says:
>>>
>>>    This
>>>    document describes a protocol that a certificate authority (CA) and a
>>>    applicant can use to automate the process of verification and
>>>    certificate issuance. The protocol also provides facilities for
>>>    other certificate management functions, such as certificate
>>>    revocation.
>>>
>>> This overlaps a lot with "Enrollment over Secure Transport" (EST),
>>> <https://tools.ietf.org/html/rfc7030>.
>>>
>>> For many people who saw last week's announcement, the main use case of
>>> ACME is "make it easy to create a client that can create a key, get it
>>> enrolled with a server, get the new certificate back, and install that
>>> certificate in a web server". What does/will ACME offer that EST does not
>>> already?
>>>
>>> --Paul Hoffman
>>> _______________________________________________
>>> Acme mailing list
>>> Acme@ietf.org
>>> https://www.ietf.org/mailman/listinfo/acme
>>
>>
>>
>> _______________________________________________
>> Acme mailing list
>> Acme@ietf.org
>> https://www.ietf.org/mailman/listinfo/acme
>>
> 
> _______________________________________________
> Acme mailing list
> Acme@ietf.org
> https://www.ietf.org/mailman/listinfo/acme
> 
>