[Acme] Fwd: New Version Notification for draft-sweet-iot-acme-03.txt

Michael Sweet <msweet@msweet.org> Thu, 09 February 2023 12:07 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/BEBuWL3UwOdUneltEHAugffSopc>

All,

This is an I-D I've been working on sporadically to address trusted certificate generation for IoT devices like printers, cameras, etc.  As indicated in the abstract, it enables discovery and usage of a local ACME server that provides a trusted root certificate for the local network as well as signed certificates for any IoT devices that need them.

The goal is to provide something better than self-signed certificates while supporting simple home networks (where your router probably provides the ACME server for ".local") to enterprise networks with dedicated certificate and DNS servers.

I'm hoping to have some prototype code ready to post on GitHub in the coming months, but obviously would be grateful for any feedback you have.

Thanks!

(Also circulating in the IoT OPS WG in the IETF, and the IEEE-ISTO Printer Working Group where I am secretary of the Internet Printing Protocol WG...)


> Begin forwarded message:
> 
> From: internet-drafts@ietf.org
> Subject: New Version Notification for draft-sweet-iot-acme-03.txt
> Date: February 6, 2023 at 4:42:33 PM EST
> To: "Michael Sweet" <msweet@msweet.org>
> 
> 
> A new version of I-D, draft-sweet-iot-acme-03.txt
> has been successfully submitted by Michael Sweet and posted to the
> IETF repository.
> 
> Name: draft-sweet-iot-acme
> Revision: 03
> Title: ACME-Based Provisioning of IoT Devices
> Document date: 2023-02-06
> Group: Individual Submission
> Pages: 12
> URL:            https://www.ietf.org/archive/id/draft-sweet-iot-acme-03.txt
> Status:         https://datatracker.ietf.org/doc/draft-sweet-iot-acme/
> Html:           https://www.ietf.org/archive/id/draft-sweet-iot-acme-03.html
> Htmlized:       https://datatracker.ietf.org/doc/html/draft-sweet-iot-acme
> Diff:           https://author-tools.ietf.org/iddiff?url2=draft-sweet-iot-acme-03
> 
> Abstract:
>   This document extends the Automatic Certificate Management
>   Environment (ACME) [RFC8555] to provision X.509 certificates for
>   local Internet of Things (IoT) devices that are accepted by existing
>   web browsers and other software running on End User client devices.
> 
> 
> 
> 
> The IETF Secretariat
> 
> 


________________________
Michael Sweet