Re: [Acme] Proposed ACME Charter Language

"Salz, Rich" <rsalz@akamai.com> Sat, 02 May 2015 22:21 UTC

From: "Salz, Rich" <rsalz@akamai.com>
To: "Dr. Pala" <director@openca.org>
Date: Sat, 2 May 2015 22:20:45 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/GPk220adQicNIde0XPDsO7swrck>
Cc: IETF ACME <acme@ietf.org>

Max,

The PKIX WG is dead.

We seem to have a lot of enthusiasm, and probably a good consensus, for defining a new protocol. The target is online enrollment for servers, initially Web Servers although others can be supported.  The standard cert-request/cert data structures (i.e., PKCS 10 and 7) will be supported. 

As for defining where and why existing protocols do not work, we are taking it as an axiom that since none have gotten widespread internet deployment, they've failed. Can anyone argue otherwise? Sure, there are protocols and implementations and use, but they seem to be only particular products.

Am I wrong? Is there an on-line certificate enrollment protocol that, say, multiple CAs support?

	/r$