[Acme] Current Charter language

Ted Hardie <ted.ietf@gmail.com> Fri, 15 May 2015 16:48 UTC

Return-Path: <ted.ietf@gmail.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id E65B41A6F2F for <acme@ietfa.amsl.com>; Fri, 15 May 2015 09:48:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id FgqCvpvXorMy for <acme@ietfa.amsl.com>; Fri, 15 May 2015 09:48:40 -0700 (PDT)
Received: from mail-wg0-x234.google.com (mail-wg0-x234.google.com [IPv6:2a00:1450:400c:c00::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 126D91A6F15 for <acme@ietf.org>; Fri, 15 May 2015 09:48:40 -0700 (PDT)
Received: by wguv19 with SMTP id v19so57456819wgu.1 for <acme@ietf.org>; Fri, 15 May 2015 09:48:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=TkI3vvRn1DGYFzpTn1+qfMPSe8DBzS5WHljUvoQOd5c=; b=rVb5Aavi8tZvGPWyh55z7uukrCdn62FYjAQrmiX1E4+N1lm2sFQRQwRZV4NIGVxik5 7ThGrWvORMVdTvDRrdjArlanGLdTXrJmeoWbIjAF3C+WhASMsCgYvX4kIhAbHhJ48Qda a/VpYEoJAoJrPoYMzZbzgSnIxFnmw2k3JaQSBqACiZ8azki1WCF+5T7HkL78+/ur7hcU uYeGNtLg8PM/Q1RIwCev1ClJ9VDk+7x6zCOjBFj14kJkgYwEwVORSEuPsxgikrjtTacF Tg8/T1OZq0t8GVVGr5J7a/X3hamYvXL/6Sdr7VVg8FvZERwUaRg2bJMOI9SQ+6r39K+I 3y1w==
MIME-Version: 1.0
X-Received: by with SMTP id lu3mr8725940wic.10.1431708518760; Fri, 15 May 2015 09:48:38 -0700 (PDT)
Received: by with HTTP; Fri, 15 May 2015 09:48:38 -0700 (PDT)
Date: Fri, 15 May 2015 09:48:38 -0700
Message-ID: <CA+9kkMBvwLexviH97=dqj40-3-6i6+UMp7hFVzfCpY5_WJAaFQ@mail.gmail.com>
From: Ted Hardie <ted.ietf@gmail.com>
To: "acme@ietf.org" <acme@ietf.org>, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Content-Type: multipart/alternative; boundary="001a1133d3ceaec5350516219d23"
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/3i48QjD0OropJFZJpBRUNoljZWQ>
Subject: [Acme] Current Charter language
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 May 2015 16:48:42 -0000

Okay, with the discussion so far, the charter looks like this:

Automated Certificate Management Environment (ACME)

Historically, issuance of certificates for Internet applications
(e.g., web servers) has involved many manual identity validation steps
by the certification authority (CA).  The ACME WG will specify
conventions for automated X.509 certificate management, including
validation of control over an identifier, certificate issuance,
certificate renewal, and certificate revocation.  The initial focus of
the ACME WG will be on domain name certificates (as used by web
servers), but other uses of certificates can be considered as work

ACME certificate management must allow the CA to verify, in an
automated manner, that the party requesting a certificate has authority
over the requested identifiers, including the subject and subject
alternative names.  The processing must also confirm that the requesting
party has access to the private key that corresponds to the public key
that will appear in the certificate.  All of the processing must be done
in a manner that is compatible with common service deployment
environments, such as hosting environments.

ACME certificate management must, in an automated manner, allow an
authorized party to request revocation of a certificate.

The ACME working group is specifying ways to automate certificate
issuance, validation, revocation and renewal.  The ACME working
group is not reviewing or producing certificate policies or

The starting point for ACME WG discussions shall be draft-barnes-acme.

I think we know of two milestones now, a first draft-ietf and submitting
the protocol draft for proposed standard.  To give dates for those, how


August 2015   Initial working group draft
March 2016    Submit working group to IESG as Proposed Standard

Any other obvious edits needed?