Re: [Acme] Fwd: New Version Notification for draft-mattsson-acme-use-cases-00.txt
Bernd Eckenfels <ecki@zusammenkunft.net> Tue, 10 March 2015 00:04 UTC
Date: Tue, 10 Mar 2015 01:04:15 +0100
From: Bernd Eckenfels <ecki@zusammenkunft.net>
To: acme@ietf.org
Message-ID: <20150310010415.000059e3.ecki@zusammenkunft.net>
In-Reply-To: <54FE12A8.8090108@comodo.com>
References: <20150309195754.10053.23071.idtracker@ietfa.amsl.com> <A8DC2625-13D7-4DDF-A4F0-DD288495DBEF@ericsson.com> <54FE12A8.8090108@comodo.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/CY1eQef1uvZ5ZCprhil92BiuilA>
Subject: Re: [Acme] Fwd: New Version Notification for draft-mattsson-acme-use-cases-00.txt

Hello,

I don't think it is a good idea to add any functionality which tries to
move/copy the private key (and with some hardware protection it should
also not be possible). And it is not really needed. Just request a new one.

The ACME credentials might be transported, but I am not sure you want to
do that via untrusted (ACME) servers...

Regards,
Bernd

On Mon, 09 Mar 2015 21:37:44 +0000, Rob Stradling <rob.stradling@comodo.com> wrote:

> John, how would a "newly deployed HTTPS server replacing or
> complementing an existing HTTPS server" obtain a copy of the private
> key that is associated with the "existing certificate" that it
> desires to "import"?
>
> IINM, whilst the current ACME draft handles proving possession of a
> private key, there's no mechanism for backing up a private key to an
> ACME server and/or for transferring a private key from one ACME
> client to another ACME client.
> Do you think ACME should provide these facilities?
> If not, is there any real gain to adding your proposed "Certificate
> Download" function, given that there would presumably be just as many
> "people flying back and forth just to manually transfer" private keys?
>
> Thanks.
>
> On 09/03/15 20:37, John Mattsson wrote:
> > Hi all,
> >
> > I strongly support the ACME work. Certificate management is
> > something that really benefits from standardization and
> > automatization.
> >
> > We have some additional use cases that we think should be included
> > and that clearly fall into the ACME use case "obtaining
> > certificates for Web sites".
> >
> > I wrote a short draft that illustrates the scenarios. Please
> > comment. Would be happy to give a short (5min?) presentation at the
> > BoF.
> >
> > Cheers,
> >
> > John
> >
> >> Begin forwarded message:
> >>
> >> *From:* <internet-drafts@ietf.org>
> >> *To:* John Mattsson <john.mattsson@ericsson.com>,
> >> John Mattsson <john.mattsson@ericsson.com>,
> >> Robert Skog <robert.skog@ericsson.com>,
> >> "Robert Skog" <robert.skog@ericsson.com>
> >> *Subject:* *New Version Notification for
> >> draft-mattsson-acme-use-cases-00.txt*
> >> *Date:* 9 Mar 2015 20:57:54 CET
> >>
> >>
> >> A new version of I-D, draft-mattsson-acme-use-cases-00.txt
> >> has been successfully submitted by John Mattsson and posted to the
> >> IETF repository.
> >>
> >> Name:          draft-mattsson-acme-use-cases
> >> Revision:      00
> >> Title:         Additional Use Cases for Automatic Certificate Management (ACME)
> >> Document date: 2015-03-09
> >> Group:         Individual Submission
> >> Pages:         6
> >> URL:           http://www.ietf.org/internet-drafts/draft-mattsson-acme-use-cases-00.txt
> >> Status:        https://datatracker.ietf.org/doc/draft-mattsson-acme-use-cases/
> >> Htmlized:      http://tools.ietf.org/html/draft-mattsson-acme-use-cases-00
> >>
> >>
> >> Abstract:
> >> Contacting a CA is just one way in which a newly deployed HTTPS
> >> server can get hold of the certificate to use. This document
> >> describes additional (and common) use cases that fall into the
> >> major guiding use case for ACME as stated by [I-D.barnes-acme],
> >> "obtaining certificates for Web sites".
> >>
> >>
> >> Please note that it may take a couple of minutes from the time of
> >> submission until the htmlized version and diff are available at
> >> tools.ietf.org.
> >>
> >> The IETF Secretariat
> >>
> >
> > _______________________________________________
> > Acme mailing list
> > Acme@ietf.org
> > https://www.ietf.org/mailman/listinfo/acme
> >