Re: [Acme] ACME or EST?
Phillip Hallam-Baker <phill@hallambaker.com> Wed, 26 November 2014 00:34 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 590701A89B3 for <acme@ietfa.amsl.com>; Tue, 25 Nov 2014 16:34:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.278
X-Spam-Level:
X-Spam-Status: No, score=-1.278 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oVjpxyRILcBR for <acme@ietfa.amsl.com>; Tue, 25 Nov 2014 16:34:23 -0800 (PST)
Received: from mail-lb0-x22b.google.com (mail-lb0-x22b.google.com [IPv6:2a00:1450:4010:c04::22b]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ABEE31A89BB for <acme@ietf.org>; Tue, 25 Nov 2014 16:34:22 -0800 (PST)
Received: by mail-lb0-f171.google.com with SMTP id n15so1576595lbi.2 for <acme@ietf.org>; Tue, 25 Nov 2014 16:34:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=NenS4k7d+BeitIUf3f8TYVj7hqhtxcm/8WoZBFQmZxw=; b=rQQ2MpGRKjEWL4Iml1w7/hLvDNoRv853vFkP+OGa2aV67wdRgrGeFdTgzF/2Drs/6R gh9QgACL2cmrO6AGd+LngNcNIq3CtvL6oJg/lrhmmFPMaliVvcRruo1m8HWMbx+DGazJ tx8eWhuL9NpkpXnp2H0QdfDJFkf3EA40IPC/4njxX0PEPJ3XRu63uRZrQVAiIKXPDYSL g0eWK9c2yEn7wzjs/YYHDZJNysRcEKcRaYssu0oy0IZLQY8KmSQHme85tvN1b20S3vsL qCKGERUbZeKvhAkyfDStzc/iFNPQQrRkU+86ajDMHgWsOr7KV2NWKBANC+jps0Bfivzf bQxQ==
MIME-Version: 1.0
X-Received: by 10.152.87.67 with SMTP id v3mr29379096laz.97.1416962061022; Tue, 25 Nov 2014 16:34:21 -0800 (PST)
Sender: hallam@gmail.com
Received: by 10.112.34.212 with HTTP; Tue, 25 Nov 2014 16:34:20 -0800 (PST)
In-Reply-To: <CAL02cgTgpjQffow2XuaNuT7BtqYVttXdVUgyqBFbsAbN4g0VzQ@mail.gmail.com>
References: <AD5940AA-6F01-4D0E-A4E0-19AEA56BBED3@vpnc.org> <CAL02cgTgpjQffow2XuaNuT7BtqYVttXdVUgyqBFbsAbN4g0VzQ@mail.gmail.com>
Date: Tue, 25 Nov 2014 19:34:20 -0500
X-Google-Sender-Auth: B2bNSb2fZwl7ceSmtEn1yT8acy4
Message-ID: <CAMm+Lwje44G2CZLfYJQAAR41CBw7+SCZNwdNPy+zO-VOeHZvkw@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Richard Barnes <rlb@ipv.sx>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/acme/ICRontNqZz035BTCwajdsObGn58
Cc: acme@ietf.org, Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: [Acme] ACME or EST?
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Nov 2014 00:34:24 -0000
How about XKMS? It has much less ASN.1, its all angle brackets. Stephen F. knows about it, he was the WG chair. Less ASN.1 is always good. On Tue, Nov 25, 2014 at 4:55 PM, Richard Barnes <rlb@ipv.sx> wrote: > A few things off the top of my head: > > * If nothing else, much less ASN.1. (Cf. JOSE vs. CMS) > * Support for other certificate management functions, e.g., revocation > * Validation of possession of identifiers > * Cleaner use of HTTP > > > > On Tue, Nov 25, 2014 at 4:41 PM, Paul Hoffman <paul.hoffman@vpnc.org> wrote: >> >> Greetings again. The abstract of the ACME pre-draft at >> https://github.com/letsencrypt/acme-spec (which Richard will hopefully >> publish as a real draft soon) says: >> >> This >> document describes a protocol that a certificate authority (CA) and a >> applicant can use to automate the process of verification and >> certificate issuance. The protocol also provides facilities for >> other certificate management functions, such as certificate >> revocation. >> >> This overlaps a lot with "Enrollment over Secure Transport" (EST), >> <https://tools.ietf.org/html/rfc7030>. >> >> For many people who saw last week's announcement, the main use case of >> ACME is "make it easy to create a client that can create a key, get it >> enrolled with a server, get the new certificate back, and install that >> certificate in a web server". What does/will ACME offer that EST does not >> already? >> >> --Paul Hoffman >> _______________________________________________ >> Acme mailing list >> Acme@ietf.org >> https://www.ietf.org/mailman/listinfo/acme > > > > _______________________________________________ > Acme mailing list > Acme@ietf.org > https://www.ietf.org/mailman/listinfo/acme >
- [Acme] ACME or EST? Paul Hoffman
- Re: [Acme] ACME or EST? Richard Barnes
- Re: [Acme] ACME or EST? Joe Hildebrand (jhildebr)
- Re: [Acme] ACME or EST? Richard Barnes
- Re: [Acme] ACME or EST? Nico Williams
- Re: [Acme] ACME or EST? Paul Hoffman
- Re: [Acme] ACME or EST? Tony Arcieri
- Re: [Acme] ACME or EST? Paul Hoffman
- Re: [Acme] ACME or EST? Tony Arcieri
- Re: [Acme] ACME or EST? Phillip Hallam-Baker
- Re: [Acme] ACME or EST? Michael Jenkins
- Re: [Acme] ACME or EST? Stephen Farrell
- [Acme] first order requirement - suitable as an o… Stephen Farrell
- Re: [Acme] ACME or EST? Salz, Rich
- Re: [Acme] ACME or EST? Nico Williams
- Re: [Acme] ACME or EST? Nico Williams
- Re: [Acme] ACME or EST? Randy Bush
- Re: [Acme] ACME or EST? Joe Hildebrand (jhildebr)
- Re: [Acme] ACME or EST? Stephen Farrell
- Re: [Acme] ACME or EST? Phillip Hallam-Baker
- Re: [Acme] ACME or EST? Viktor Dukhovni
- Re: [Acme] ACME or EST? Christian Huitema
- [Acme] ACME or EST? Tony Arcieri
- Re: [Acme] ACME or EST? Phillip Hallam-Baker
- Re: [Acme] ACME or EST? Christian Huitema
- [Acme] kinds of proof (was: Re: ACME or EST?) Stephen Farrell
- Re: [Acme] kinds of proof (was: Re: ACME or EST?) Phillip Hallam-Baker
- Re: [Acme] kinds of proof Stephen Farrell
- Re: [Acme] kinds of proof Salz, Rich
- Re: [Acme] kinds of proof Paul Hoffman
- Re: [Acme] kinds of proof Eric Rescorla
- Re: [Acme] ACME or EST? Eliot Lear
- Re: [Acme] kinds of proof (was: Re: ACME or EST?) Viktor Dukhovni
- Re: [Acme] kinds of proof Phillip Hallam-Baker
- Re: [Acme] kinds of proof Paul Hoffman
- Re: [Acme] kinds of proof Paul Hoffman
- Re: [Acme] ACME or EST? Nico Williams
- Re: [Acme] kinds of proof Viktor Dukhovni
- Re: [Acme] kinds of proof Paul Hoffman
- Re: [Acme] kinds of proof Nico Williams
- Re: [Acme] kinds of proof Paul Hoffman
- Re: [Acme] ACME or EST? Randy Bush
- Re: [Acme] kinds of proof Randy Bush
- Re: [Acme] ACME or EST? Richard Barnes
- Re: [Acme] ACME or EST? Randy Bush
- Re: [Acme] kinds of proof Viktor Dukhovni
- Re: [Acme] kinds of proof Paul Hoffman
- Re: [Acme] kinds of proof Viktor Dukhovni
- Re: [Acme] kinds of proof Paul Hoffman
- Re: [Acme] kinds of proof Tony Arcieri
- Re: [Acme] kinds of proof Eric Mill
- Re: [Acme] kinds of proof Randy Bush
- Re: [Acme] kinds of proof Peter Bowen
- Re: [Acme] kinds of proof Christian Huitema
- Re: [Acme] kinds of proof Viktor Dukhovni
- Re: [Acme] kinds of proof Peter Bowen
- Re: [Acme] kinds of proof Paul Hoffman
- Re: [Acme] kinds of proof Peter Bowen
- Re: [Acme] kinds of proof Paul Hoffman
- Re: [Acme] kinds of proof Phillip Hallam-Baker
- Re: [Acme] kinds of proof Trevor Freeman
- Re: [Acme] kinds of proof Randy Bush
- Re: [Acme] kinds of proof Martin Thomson