Re: [Acme] Proposed ACME Charter Language

Ted Hardie <ted.ietf@gmail.com> Wed, 13 May 2015 22:59 UTC

In-Reply-To: <m2617wyu1v.wl%randy@psg.com>
References: <6A9C3116-8CC9-472C-8AA8-F555D060834C@vigilsec.com> <55351EAB.1060905@cs.tcd.ie> <E81896AA-245F-48B7-9B38-86AC30D2F82A@vigilsec.com> <553523E4.2090808@cs.tcd.ie> <84718B26-1DA3-4D46-8B6F-B615806229D7@vigilsec.com> <CABcZeBOy2yBEMGMxcDy=E3fvc+OF1sZfvOV7twJHAvKqtrxtLg@mail.gmail.com> <28919F11-9336-41F6-9922-4E3E2DC4E935@gmail.com> <BD7B96B1-CD50-408F-AA06-49C20AB102A6@vigilsec.com> <CA+9kkMAH+U25ZhLq1HhGFHKMAECu+Y1ZJH-h4bOrEXaUQ15LjQ@mail.gmail.com> <87d225qwbq.fsf@latte.josefsson.org> <B30EDBDF-0803-4AB0-9EBB-DD726F617C5B@vigilsec.com> <2dc5d20a27664efe994398ec508f0e7e@ustx2ex-dag1mb4.msg.corp.akamai.com> <1E6924DE-D59C-4323-9658-766937368B98@vigilsec.com> <7F45C649-4C78-441E-8649-45D0F74168C2@vigilsec.com> <m2617wyu1v.wl%randy@psg.com>
Date: Wed, 13 May 2015 15:59:11 -0700
Message-ID: <CA+9kkMA18=KBtSWnS3murcFT7tfxNAe1Oi2YFNSkhOXTPDAFTw@mail.gmail.com>
From: Ted Hardie <ted.ietf@gmail.com>
To: Randy Bush <randy@psg.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/CgkTDUvsa0wb3GIGSc8kd9pbVSU>
Cc: IETF ACME <acme@ietf.org>, Russ Housley <housley@vigilsec.com>
Subject: Re: [Acme] Proposed ACME Charter Language

On Wed, May 13, 2015 at 3:46 PM, Randy Bush <randy@psg.com> wrote:

> > The current charter language about certificate revocation could be
> > interpreted as raising the bar too high.  I suggest that we can keep
> > it simple.
> >
> > OLD:
> >
> > ACME certificate management must, in an automated manner, allow a
> > party that has previously requested a certificate to subsequently
> > request revocation of that certificate.
> >
> > NEW:
> >
> > ACME certificate management must, in an automated manner, allow an
> > authorized party to request revocation of a certificate.
>
> /me likes simple, and this revision
>
I'm not sure this is actually the same requirement.  The initial aim was
for ACME to provide something like an "apt-get install" level of
simplicity; I read this as something like an "apt-get revoke" equivalent.
I think

"allow an authorized party to request revocation" may be a larger set than
the site admin envisioned in the first--it sort of depends on who the
"authorized party" is.

How about:

"ACME certificate management must provide automated methods for revocation
parallel to those used to request a certificate"?

These are all pretty small tweaks, though.

Ted



> randy