Re: [Acme] acme in a firewalled environment

Phillip Hallam-Baker <phill@hallambaker.com> Tue, 02 December 2014 18:40 UTC

To: Richard Barnes <rlb@ipv.sx>
Archived-At: http://mailarchive.ietf.org/arch/msg/acme/GveJdTHRlIGAdaREKv-UpPAN_rA
Cc: Ben Schumacher <bschumac@cisco.com>, "acme@ietf.org" <acme@ietf.org>

On Tue, Dec 2, 2014 at 1:07 PM, Richard Barnes <rlb@ipv.sx> wrote:
> Presumably, your web server (or whatever server you're going to use this
> cert for) is going to need to accept incoming connections.

You assume that this is all going to be driven by the Web Server that
is going to use the certificate. That is a very limiting model.

If I am starting a cloud service, I want to be able to give it all the
data it needs to start when I tell it to spawn the virtual machine.