Re: [Acme] Considerations about ACME BoF
Scott Rea <Scott.Rea@DigiCert.com> Tue, 31 March 2015 08:22 UTC
To: Yaron Sheffer <yaronf.ietf@gmail.com>, acme@ietf.org
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/Hj0FNSfd7p5T6AHkpeIZ1xkZrnk>

G'day Yaron,

I will make 2 brief observations:

a) Max and I actually proposed some usability-focused work around TLS certs to the PKIX WG about 6 or 7 years ago, when PKIX was still going strong, and we were told that usability is not the purview of IETF, it's purely bits on the wire. So when did IETF morph from bits on the wire to now include usability?

b) Getting a server certificate for a cloud server within seconds, and with no manual intervention is possible today with a little scripting on the server and an appropriate API from one of the existing CAs. If your current provider cannot do that for you, then I suggest you shop around a little.

Regards,
_Scott

On 3/30/2015 9:36 PM, Yaron Sheffer wrote:
>>>> *Overstepping the Technical Boundaries.* As it was pointed out during
>>>> the BoF, the proposed initiative does not address any technical issue,
>>>> but, instead, is pushing a specific BUSINESS model. I found very
>>>> inappropriate the examples of "I could not get my certificates in 45
>>>> minutes.." as this is a NON argument.
>>> With all due respect to Cullen, I agree:-) I think it's used as a
>>> humorous anecdote basically and I've seen that done in quite a few
>>> contexts in the IETF. But that one non-argument was raised is not
>>> a procedural issue for me.
>> I agree with Max that this should be a non-argument, and happy to hear
>> that you agree Stephen
>>>
>
> For me ACME is purely about usability, so Cullen's anecdote is
> actually the only thing that matters. As a user, I want to be able to
> get a server certificate for a cloud server within seconds, and with
> no manual intervention. And if that breaks someone's business model,
> so be it.
>
> And by the way, ACME with *email* certs could make S/MIME viable
> again, for those of us still using mail clients.
>
> Thanks,
> Yaron

--
Scott Rea, MSc, CISSP
VP GOV/EDU Relations & Sr. PKI Architect
DigiCert, Inc.
2600 West Executive Parkway
Suite 500
Lehi, Utah 84043
http://www.digicert.com
(800) 896-7973
Em Scott@DigiCert.com
Ph#(801) 701-9636
Ce#(801) 874-4114