[Acme] FW: Fwd: New Version Notification for draft-ietf-acme-star-delegation-01.txt

"Salz, Rich" <rsalz@akamai.com> Tue, 27 August 2019 15:11 UTC

From: "Salz, Rich" <rsalz@akamai.com>
To: "acme@ietf.org" <acme@ietf.org>
Date: Tue, 27 Aug 2019 15:11:09 +0000
Message-ID: <B446D8E1-0563-4D24-BFA3-D77FA5A97B40@akamai.com>
References: <156688663499.2633.13348873823926960427.idtracker@ietfa.amsl.com> <0d62ec19-399c-94e7-a44a-098ccf99bc7e@gmail.com>
In-Reply-To: <0d62ec19-399c-94e7-a44a-098ccf99bc7e@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/AsQwACHrbp8QYgyYHEOeW-eWs2s>
Subject: [Acme] FW: Fwd: New Version Notification for draft-ietf-acme-star-delegation-01.txt
List-Id: Automated Certificate Management Environment <acme.ietf.org>

Colleagues,

I encourage you to read this draft and post comments, if any, to the list.

A structure for delegation opens up ACME to a large number of use cases.

On 8/27/19, 2:28 AM, "Yaron Sheffer" <yaronf.ietf@gmail.com> wrote:

    The new version contains some significant changes:
    
    - Addition of the STIR use case.
    - Refinement of the CDNI use case.
    - Addition of the CSR template (partial, more work required).
    - Further security considerations (work in progress).
    
    Thanks,
    	Yaron
    
    -------- Forwarded Message --------
    Subject: New Version Notification for draft-ietf-acme-star-delegation-01.txt
    Date: Mon, 26 Aug 2019 23:17:15 -0700
    From: internet-drafts@ietf.org
    To: Yaron Sheffer <yaronf.ietf@gmail.com>, Thomas Fossati 
    <thomas.fossati@nokia.com>, Antonio Agustin Pastor Perales 
    <antonio.pastorperales@telefonica.com>, Antonio Pastor 
    <antonio.pastorperales@telefonica.com>, Diego Lopez 
    <diego.r.lopez@telefonica.com>
    
    
    A new version of I-D, draft-ietf-acme-star-delegation-01.txt
    has been successfully submitted by Yaron Sheffer and posted to the
    IETF repository.
    
    Name:		draft-ietf-acme-star-delegation
    Revision:	01
    Title:		An ACME Profile for Generating Delegated STAR Certificates
    Document date:	2019-08-26
    Group:		acme
    Pages:		17
    URL:            https://www.ietf.org/internet-drafts/draft-ietf-acme-star-delegation-01.txt
    Status:         https://datatracker.ietf.org/doc/draft-ietf-acme-star-delegation/
    Htmlized:       https://tools.ietf.org/html/draft-ietf-acme-star-delegation-01
    Htmlized:       https://datatracker.ietf.org/doc/html/draft-ietf-acme-star-delegation
    Diff:           https://www.ietf.org/rfcdiff?url2=draft-ietf-acme-star-delegation-01
    
    Abstract:
        This memo proposes a profile of the ACME protocol that allows the
        owner of an identifier (e.g., a domain name) to delegate to a third
        party access to a certificate associated with said identifier.  A
        primary use case is that of a CDN (the third party) terminating TLS
        sessions on behalf of a content provider (the owner of a domain
        name).  The presented mechanism allows the owner of the identifier to
        retain control over the delegation and revoke it at any time by
        cancelling the associated STAR certificate renewal with the ACME CA.
        Another key property of this mechanism is it does not require any
        modification to the deployed TLS ecosystem.
    
     
    
    
    Please note that it may take a couple of minutes from the time of submission
    until the htmlized version and diff are available at tools.ietf.org.
    
    The IETF Secretariat
    