Re: [Acme] Fwd: New Version Notification for draft-mattsson-acme-use-cases-00.txt

Rob Stradling <rob.stradling@comodo.com> Mon, 09 March 2015 21:38 UTC

Return-Path: <rob.stradling@comodo.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8C16D1ABD3D for <acme@ietfa.amsl.com>; Mon, 9 Mar 2015 14:38:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fQnFtXjjHIzT for <acme@ietfa.amsl.com>; Mon, 9 Mar 2015 14:38:08 -0700 (PDT)
Received: from mmextmx2.mcr.colo.comodoca.net (mmextmx2.mcr.colo.comodoca.net [IPv6:2a02:1788:402:c00::c0a8:9cd6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3874D1A901F for <acme@ietf.org>; Mon, 9 Mar 2015 14:37:46 -0700 (PDT)
Received: (qmail 24740 invoked by uid 1004); 9 Mar 2015 21:37:45 -0000
Received: from ian.brad.office.comodo.net (HELO ian.brad.office.comodo.net) (192.168.0.202) by mmextmx2.mcr.colo.comodoca.net (qpsmtpd/0.84) with ESMTP; Mon, 09 Mar 2015 21:37:45 +0000
Received: (qmail 27046 invoked by uid 1000); 9 Mar 2015 21:37:45 -0000
Received: from and0004.comodo.net (HELO [192.168.0.58]) (192.168.0.58) (smtp-auth username rob, mechanism plain) by ian.brad.office.comodo.net (qpsmtpd/0.40) with (AES128-SHA encrypted) ESMTPSA; Mon, 09 Mar 2015 21:37:45 +0000
Message-ID: <54FE12A8.8090108@comodo.com>
Date: Mon, 09 Mar 2015 21:37:44 +0000
From: Rob Stradling <rob.stradling@comodo.com>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Thunderbird/31.5.0
MIME-Version: 1.0
To: John Mattsson <john.mattsson@ericsson.com>, "acme@ietf.org" <acme@ietf.org>
References: <20150309195754.10053.23071.idtracker@ietfa.amsl.com> <A8DC2625-13D7-4DDF-A4F0-DD288495DBEF@ericsson.com>
In-Reply-To: <A8DC2625-13D7-4DDF-A4F0-DD288495DBEF@ericsson.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/HMLpBvLXhsuvk2UmmilHzFmyvgc>
Cc: Robert Skog <robert.skog@ericsson.com>
Subject: Re: [Acme] Fwd: New Version Notification for draft-mattsson-acme-use-cases-00.txt
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Mar 2015 21:38:11 -0000

John, how would a "newly deployed HTTPS server replacing or 
complementing an existing HTTPS server" obtain a copy of the private key 
that is associated with the "existing certificate" that it desires to 
"import" ?

IINM, whilst the current ACME draft handles proving possession of a 
private key, there's no mechanism for backing up a private key to an 
ACME server and/or for transferring a private key from one ACME client 
to another ACME client.
Do you think ACME should provide these facilities?
If not, is there any real gain to adding your proposed "Certificate 
Download" function, given that there would presumably be just as many 
"people flying back and forth just to manually transfer" private keys?

Thanks.

On 09/03/15 20:37, John Mattsson wrote:
> Hi all,
>
> I strongly support the ACME work. Certificate management is something
> that really benefits from standardization and automatization.
>
> We have some additional use cases that we think should be included
> and that clearly falls into the ACME use case "obtaining certificates
> for Web sites".
>
> I wrote a short draft that illustrates the scenarios. Please
> comment. Would be happy to give a short (5min?) presentation at the BoF.
>
> Cheers,
>
> John
>
>> Begin forwarded message:
>>
>> *From: *<internet-drafts@ietf.org <mailto:internet-drafts@ietf.org>>
>> *To: *John Mattsson <john.mattsson@ericsson.com
>> <mailto:john.mattsson@ericsson.com>>, John Mattsson
>> <john.mattsson@ericsson.com <mailto:john.mattsson@ericsson.com>>,
>> Robert Skog <robert.skog@ericsson.com
>> <mailto:robert.skog@ericsson.com>>, "Robert Skog"
>> <robert.skog@ericsson.com <mailto:robert.skog@ericsson.com>>
>> *Subject: **New Version Notification for
>> draft-mattsson-acme-use-cases-00.txt*
>> *Date: *9 Mar 2015 20:57:54 CET
>>
>>
>> A new version of I-D, draft-mattsson-acme-use-cases-00.txt
>> has been successfully submitted by John Mattsson and posted to the
>> IETF repository.
>>
>> Name:draft-mattsson-acme-use-cases
>> Revision:00
>> Title:Additional Use Cases for Automatic Certificate Management (ACME)
>> Document date:2015-03-09
>> Group:Individual Submission
>> Pages:6
>> URL:
>> http://www.ietf.org/internet-drafts/draft-mattsson-acme-use-cases-00.txt
>> Status: https://datatracker.ietf.org/doc/draft-mattsson-acme-use-cases/
>> Htmlized: http://tools.ietf.org/html/draft-mattsson-acme-use-cases-00
>>
>>
>> Abstract:
>>   Contacting a CA is just one way in which a newly deployed HTTPS
>>   server can get hold of the certificate to use.  This document
>>   describes additional (and common) use cases that fall into the major
>>   guiding use case for ACME as stated by [I-D.barnes-acme], "obtaining
>>   certificates for Web sites".
>>
>>
>>
>>
>> Please note that it may take a couple of minutes from the time of
>> submission
>> until the htmlized version and diff are available at tools.ietf.org
>> <http://tools.ietf.org>.
>>
>> The IETF Secretariat
>>
>
>
>
> _______________________________________________
> Acme mailing list
> Acme@ietf.org
> https://www.ietf.org/mailman/listinfo/acme
>

-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
Office Tel: +44.(0)1274.730505
Office Fax: +44.(0)1274.730909
www.comodo.com

COMODO CA Limited, Registered in England No. 04058690
Registered Office:
   3rd Floor, 26 Office Village, Exchange Quay,
   Trafford Road, Salford, Manchester M5 3EQ

This e-mail and any files transmitted with it are confidential and 
intended solely for the use of the individual or entity to whom they are 
addressed.  If you have received this email in error please notify the 
sender by replying to the e-mail containing this attachment. Replies to 
this email may be monitored by COMODO for operational or business 
reasons. Whilst every endeavour is taken to ensure that e-mails are free 
from viruses, no liability can be accepted and the recipient is 
requested to use their own virus checking software.