[Acme] Re: ACME and PLANTS

Mike Ounsworth <ounsworth+ietf@gmail.com> Fri, 13 March 2026 05:18 UTC

Return-Path: <ounsworth@gmail.com>
X-Original-To: acme@mail2.ietf.org
Delivered-To: acme@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id D3E45C93E18F for <acme@mail2.ietf.org>; Thu, 12 Mar 2026 22:18:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BrFrd5YRMIf4 for <acme@mail2.ietf.org>; Thu, 12 Mar 2026 22:18:58 -0700 (PDT)
Received: from mail-ot1-x32a.google.com (mail-ot1-x32a.google.com [IPv6:2607:f8b0:4864:20::32a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 00108C93E188 for <acme@ietf.org>; Thu, 12 Mar 2026 22:18:57 -0700 (PDT)
Received: by mail-ot1-x32a.google.com with SMTP id 46e09a7af769-7d7447778b9so885755a34.2 for <acme@ietf.org>; Thu, 12 Mar 2026 22:18:57 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1773379137; cv=none; d=google.com; s=arc-20240605; b=ZuufG76Dj073/MdQ/AfoL3czaEpzxM8k5lljhTrhg9ZxsZ7+JJ9KScKkpW82+Nk+Oj lfcuGvEsP/Yla8/i3yv6WZHgQzDBIH0QrjGc/w3nLVb4TW0VQ5m14JVkog1Eq7egF3xR w6tTaf7U483iMsB9MyCVwRGeIvrhl0ik6l0bjhFeMAvhHtzPLQSFtz6np0BIBdy6XVh2 xumhWrUUEPukzCm9A2LRPgC4SDeI7jloLssanoo0YtT5YsL5mDqb+l1ahJr2xqaluf1i 8kDp4Fy8mNBQa1uJpFqR1YzTXOV9BHlytobi6u9vHBarKMcK/2/3TjyG2rhDDB381yR0 vAXA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:dkim-signature; bh=BJrRJ42PbatpMd4/zVeZ8gpbXHelOC9TIzuJL/cDRyc=; fh=8EmLAD0aOTw9ywKs6frqpP3znMMfcLn+6kGKx7DDO4Y=; b=FZG4aG5iCZGgObV5drfNmh+qUerBH5Szlq2CF3n7Xuwv/cC3Yt6yvijaH/V3zF1niN ougNX1qp/plmxEVuaHD0rfd3kUfWBMhSwxPFUGaIUWXx/2BTZ+6sHCKdSllO6fELOY4l mTcvJc9APVOFsD9/QYRxIoWKauIuukJOWwtnHIqdRrWYbpLmQTs8uUyhuOCzt4iPqxnf CXkIbXUHC06wCoJ6QnubtdiOFlxkcmMpiI3Fx5fLhMTJNNZFEs/ebKwDk96BMxYUYeDq 25ytTBaJX3cC3qT8bkAnWAvkMBbVNlHExzjMCqB8ULUwoeX3qQGAMs6cpolhxlJowx/S sg4Q==; darn=ietf.org
ARC-Authentication-Results: i=1; mx.google.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1773379137; x=1773983937; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=BJrRJ42PbatpMd4/zVeZ8gpbXHelOC9TIzuJL/cDRyc=; b=dMER50+gJ0ZpQg2LcYv5hDy6K/ApIR7tyYHDgPFnOiwM3F5RVv9TtifvY0Wow4dg6L sizMj7HnweWv88fNoyU6TCe/9r4Lhaa94qxXyu1Qsi3qb7DaLiV7FguN4Pec48pD29yT 0uEzxpo/+4WbtCdsdmrJ6Hz1j1trPoXu4wUzq5AbjPOG34tbn0fSa47YVyXr4oZc66s+ HD4LW1GQ8n+6cvmh8nzm9cxhJ6+Y3oCg2UrJ40lHNfzHwzF76N4rrwW1alHCQzcUTiO9 8KUjN9ucyjqmyZqCcpX5dkH96wP8f0eUbElAGNal0sQlvh3oRM5tOQTgAyv9zeMATTeR HRFw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1773379137; x=1773983937; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=BJrRJ42PbatpMd4/zVeZ8gpbXHelOC9TIzuJL/cDRyc=; b=EmTDA+QeZ3x5kCk6os5+X5PS2kJOJ/1KSahr3ARjfbaDs5/1IPXtZqSkM954h+nVWM 26fcqOR3ouUW+GSOBD7UOgSZd358KLLRQQYIAfEakYblDvzlWbrJnP+wLpCBE2I5m3j/ tClHoFcDZyHPl1W3RTLBScHuRd1NzDtuTSIpoPlvGMz4pTjUjFsEb9LYM5u8phnn38IT VEkq+xAwT97ijNm7rdtbUuJsSviRZsv7LFRujYb4PCP7lFJVTHQpzf7Mlm0xZZ/tiEW8 ULAIWXBdkzJF7bDbmDvsT25j941f19q3Z3WVrEdhpFaSlCoGu01VrMG1OkGzye2NFSe1 2Rwg==
X-Forwarded-Encrypted: i=1; AJvYcCV79UsiD938olevwyMEqjjx6SP/aILRS0q4EZlsHGSHpIZNWbB9J4EBiZu5jTNB7cIckEx8@ietf.org
X-Gm-Message-State: AOJu0YwgmDSMWujMUBR+amPFWyE3GRgkK9k7zmEEau6fLgyApd4Cbv8i ohyGUkiIsQjz0CHG8mhTUQcrDN8M23PdZwReya2dOLBuiQ5Qy5l8qKvpnFEzqonjhqqKdKyx/PZ p8BnF9+z2ecyvR2QWk93knDatk370c2GcXA==
X-Gm-Gg: ATEYQzyY4Wo+yo75gVaLkHuhqMQeKDWHirvW+9b7svVjOYyZos3GSwU9z3Zm9IohIZ7 9FRHFRijK6qIfU807qvRGOsvu46YaOJSOaZc56c59uhhc4eQ/riQy493J6Rl8RRRpVuRZHCLpzJ 1t+23OKp3c20eT2kxDJeSpCJeOv/1NqDReOBacuPvAktAp4TMvx/3HUexa2YJj0S1qqlRZDqz2N NI78JJjS6icTwaEnFVu6p8uDeOiGy4q8uNR72ogikF2E+4ixjZ+RSXALnjpnXGIfOUlcCeaXnbh bWe5KvxdrmDIBqOpmRBK
X-Received: by 2002:a05:6820:f030:b0:67b:a91f:8f05 with SMTP id 006d021491bc7-67bda9b8dcemr1435826eaf.24.1773379136611; Thu, 12 Mar 2026 22:18:56 -0700 (PDT)
MIME-Version: 1.0
References: <CAF8qwaApZbT5C1q3-g5yTPxYJTuJeZqMgb=_Gu=hqYRnrtiJkA@mail.gmail.com> <abMdm49TFzXz5K4H@LK-Perkele-VII2.locald> <CAF8qwaCfV8G52oGMbuktBZ_-mvmaPghD5Zi_eZpdrad_+E3R4Q@mail.gmail.com>
In-Reply-To: <CAF8qwaCfV8G52oGMbuktBZ_-mvmaPghD5Zi_eZpdrad_+E3R4Q@mail.gmail.com>
From: Mike Ounsworth <ounsworth+ietf@gmail.com>
Date: Fri, 13 Mar 2026 00:18:45 -0500
X-Gm-Features: AaiRm52SJ3oknqluRlXsK3eKb1LfmI6hD3byWtYstRv4ExzYcrPwy1Bal5CwZvc
Message-ID: <CAKZgXHp3_EhLRQkwn79JK0p=cAC_816RYzmU=Y-sFQer16WCcg@mail.gmail.com>
To: David Benjamin <davidben@chromium.org>
Content-Type: multipart/alternative; boundary="0000000000007d68d2064ce10161"
Message-ID-Hash: GJH7HGYPWRDXFDS5AYLFKK2HZI7ZXUID
X-Message-ID-Hash: GJH7HGYPWRDXFDS5AYLFKK2HZI7ZXUID
X-MailFrom: ounsworth@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-acme.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Ilari Liusvaara <ilariliusvaara@welho.com>, IETF ACME <acme@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Acme] Re: ACME and PLANTS
List-Id: Automated Certificate Management Environment <acme.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/BPYw5SHQy9LUgN1-9pKE5o77Wls>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Owner: <mailto:acme-owner@ietf.org>
List-Post: <mailto:acme@ietf.org>
List-Subscribe: <mailto:acme-join@ietf.org>
List-Unsubscribe: <mailto:acme-leave@ietf.org>

[Chair hat on]

Thanks for the discussion. Stepping back a bit, I think there are two
possible outcomes of the interaction between MTC and ACME: either a
draft-mtc-acme-00 is needed, or it's not. Given that this still seems to be
in the "Large design space, needs to be narrowed down" stage, and that the
right experts already seem to be engaged, I'm inclined to not put this on
the ACME agenda this go-around but please keep discussion on the list. Is
that reasonable?



On Thu, 12 Mar 2026 at 23:55, David Benjamin <davidben@chromium.org> wrote:

> On Fri, Mar 13, 2026 at 4:10 AM Ilari Liusvaara <ilariliusvaara@welho.com>
> wrote:
>
>> On Fri, Mar 13, 2026 at 01:53:09AM +0800, David Benjamin wrote:
>>
>> >
>> > The draft has an initial pass at how to put them together here.
>> Happily, it
>> > seems ACME is already rich enough to express what MTC needs, with fairly
>> > minimal additions/guidance:
>> >
>> >
>> https://www.ietf.org/archive/id/draft-ietf-plants-merkle-tree-certs-02.html#name-acme-extensions
>>
>> I presume the logical ACME server used and profile (if any) in order
>> creation determines if order will result MTC or traditional X.509
>> certificate?
>>
>
> Yup. You can think of MTCs as "just" a very funny signature scheme for
> signing certificates. So it's all flavors of picking which CA instance to
> respond with, whether a MTC CA instance vs a traditional CA instance, or a
> PQ CA instance vs an ECDSA CA instance.
>
>
>> Also, using different content-type does not seem necessary. The
>> properties can be included as PEM member of new type. Any client that
>> can install MTC certificate can parse such member.
>>
>
> RFC 8555 describes a subset of general PEM, even if practically everyone
> will run it through a general, permissive PEM parser.
> https://www.rfc-editor.org/rfc/rfc8555.html#section-9.1
>
> The text reads to me as being inextensible ("A file of this type contains
> one or more certificates encoded with the PEM textual encoding"), which
> suggests a new MIME type would be prudent. But if I'm misreading and
> application/pem-certificate-chain is actually meant to be extensible, we
> can flip that around. Whatever folks prefer.
>
>
>> Then, that idea of how to distribute landmark certificates is
>> not going to work, because it is far too difficult for clients to
>> implement (due to asynchronous issuance).
>>
>> I suppose the easiest method of dealing with distribution of landmark
>> certificates is unauthenticated GET from somewhere...
>>
>
> Hmm. I'm somewhat unclear on why saving one URL to resume later, vs saving
> another URL to resume later, would be more difficult to implement for an
> ACME client, but I'm sure my mental model is incorrect. Is it because of
> the need to authenticate download URLs? (Very, very, very) naively, I
> assumed the ACME client would wake up, look at whatever its current state
> is and decide...
> - Are my certificates soon to expire? Make a new order.
> - Do I have saved state from a pending order? Go nudge that state along,
> e.g. trying to redownload any unfinished alternate URLs.
>
> Then the server operator would glue it all together by arranging for the
> ACME client to run on a cron job. And since that cron job both has access
> to authentication and ACME state, the fact that ACME authenticates all its
> URLs is not a huge deal. A separate unauthenticated URL would suggest a
> world where the server operator has a *separate* scheduled job that's
> have the ACME account key, but does have read/write access to certificate
> state. I assumed that doesn't currently exist and we may as well piggy-back
> off the existing job schedulingn.
>
> I gather this does not match how you think about this?
>
>
>> > Some context:
>> >
>> > These slides
>> > <
>> https://datatracker.ietf.org/meeting/124/materials/slides-124-plants-solution-space-and-dispatched-work-00
>> >
>> > from the BoF are a good starting point for how MTC works. The ACME
>> > interaction is that, for each certificate request, an MTC CA returns two
>> > certificates: a “standalone certificate” (large, immediate, generally
>> > usable) and a “landmark certificate” (small, delayed, not generally
>> usable,
>> > optional). The CA...
>> >
>> > 1. Validates the certificate request.
>> > 2. Appends the information to a log, signs it, etc. This step
>> constitutes
>> > issuance.
>> > 3. Constructs a standalone certificate that serves as proof of this
>> > issuance.
>> > 4. Waits some time (hours) for a “landmark” to be allocated.
>> > 5. Constructs a landmark certificate that serves as an alternate proof
>> of
>> > this same issuance.
>> >
>> > MTC wants a way to configure ACME to deliver both certificates (one
>> > immediately and one that the ACME client can optionally retrieve later,
>> > after some delay), along with any metadata needed for the TLS server
>> (etc)
>> > to select between the two.
>>
>> ACME is not suited for delivering the landmark one due to too high
>> latency.
>>
>>
>> > The current proposal is to use ACME's existing alternate URLs feature,
>> > modeling the delay with the HTTP Retry-After header from RFC 9110.
>> (Another
>> > option is to make multiple orders. That would let us model the delay
>> with
>> > the "processing" status, but since it’s one validation and issuance
>> event,
>> > one order + alternate URLs seemed a better fit.)
>>
>> Multiple orders would be a major mess. And "processing" status also has
>> to be relatively quick, as ACME clients can not deal with high latency
>> there.
>>
>>
>>
>>
>> -Ilari
>>
>> _______________________________________________
>> Acme mailing list -- acme@ietf.org
>> To unsubscribe send an email to acme-leave@ietf.org
>>
> _______________________________________________
> Acme mailing list -- acme@ietf.org
> To unsubscribe send an email to acme-leave@ietf.org
>