[Acme] Fwd: New Version Notification for draft-sheffer-acme-star-delegation-01.txt
Yaron Sheffer <yaronf.ietf@gmail.com> Tue, 13 November 2018 20:44 UTC
References: <154214158564.27754.4438718874407240748.idtracker@ietfa.amsl.com>
To: "acme@ietf.org" <acme@ietf.org>
From: Yaron Sheffer <yaronf.ietf@gmail.com>
X-Forwarded-Message-Id: <154214158564.27754.4438718874407240748.idtracker@ietfa.amsl.com>
Message-ID: <7fcfb58d-bef5-64cf-4cef-57d2c6474b01@gmail.com>
Date: Tue, 13 Nov 2018 22:43:57 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/BBpfvTsZc0xSZmh_8tIwVhdvC38>

We submitted a new version of this document, the second one we discussed in Bangkok. The only change is the addition of a Security Considerations section that explains how the CDN can be prevented from issuing certificates for the delegated domain.

Thanks,
Yaron

-------- Forwarded Message --------
Subject: New Version Notification for draft-sheffer-acme-star-delegation-01.txt
Date: Tue, 13 Nov 2018 12:39:45 -0800
From: internet-drafts@ietf.org
To: Yaron Sheffer <yaronf.ietf@gmail.com>, Thomas Fossati <thomas.fossati@nokia.com>, Antonio Agustin Pastor Perales <antonio.pastorperales@telefonica.com>, Antonio Pastor <antonio.pastorperales@telefonica.com>, Diego Lopez <diego.r.lopez@telefonica.com>

A new version of I-D, draft-sheffer-acme-star-delegation-01.txt has been successfully submitted by Yaron Sheffer and posted to the IETF repository.

Name: draft-sheffer-acme-star-delegation
Revision: 01
Title: An ACME Profile for Generating Delegated STAR Certificates
Document date: 2018-11-13
Group: Individual Submission
Pages: 13
URL: https://www.ietf.org/internet-drafts/draft-sheffer-acme-star-delegation-01.txt
Status: https://datatracker.ietf.org/doc/draft-sheffer-acme-star-delegation/
Htmlized: https://tools.ietf.org/html/draft-sheffer-acme-star-delegation-01
Htmlized: https://datatracker.ietf.org/doc/html/draft-sheffer-acme-star-delegation
Diff: https://www.ietf.org/rfcdiff?url2=draft-sheffer-acme-star-delegation-01

Abstract:
This memo proposes a profile of the ACME protocol that allows the owner of an identifier (e.g., a domain name) to delegate to a third party access to a certificate associated with said identifier. A primary use case is that of a CDN (the third party) terminating TLS sessions on behalf of a content provider (the owner of a domain name). The presented mechanism allows the owner of the identifier to retain control over the delegation and revoke it at any time by cancelling the associated STAR certificate renewal with the ACME CA. Another key property of this mechanism is it does not require any modification to the deployed TLS ecosystem.

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat