[Acme] Protocol Action: 'ACME TLS ALPN Challenge Extension' to Proposed Standard (draft-ietf-acme-tls-alpn-07.txt)
The IESG <iesg-secretary@ietf.org> Thu, 17 October 2019 19:32 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/AseJxYEhNM5ynNtCczyICwFwI4I>

The IESG has approved the following document:
- 'ACME TLS ALPN Challenge Extension'
  (draft-ietf-acme-tls-alpn-07.txt) as Proposed Standard

This document is the product of the Automated Certificate Management Environment Working Group.

The IESG contact persons are Benjamin Kaduk and Roman Danyliw.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-acme-tls-alpn/

Technical Summary

The ACME-TLS-ALPN draft extends the Automatic Certificate Management Environment (ACME) with a new domain validation challenge type (tls-alpn-01) that can be performed at the TLS layer alone. This challenge type meets the need of users (hosting providers, CDNs, etc.) who wish to prove authorization of a DNS identifier without modifying HTTP handling behaviour or updating DNS zone data. This is the spiritual successor to the deprecated/removed TLS-SNI-01/02 challenge types from earlier ACME drafts.

Working Group Summary

There is WG consensus on the document.

Earlier drafts specified an id-pe-acmeIdentifier OID that was already assigned by IANA. This has been addressed in the latest draft. The ASN.1 format of the id-pe-acmeIdentifier was also both simplified (removing an unneeded subarc from the OID) and clarified (to emphasize the SHA-256 digest value).

Document Quality

Let's Encrypt, a high-volume ACME-based CA, has fully implemented the tls-alpn-01 challenge type and has been issuing certificates in production using this challenge type since July 12th, 2018. Multiple independent ACME clients have implemented support for this challenge type.

The overall document quality is high. Developing an implementation based on the specification text is reasonable. Interoperable client/server implementations exist and are in use in a production setting.

Personnel

The document shepherd is Daniel McCarney. The responsible area director is Roman Danyliw.