Re: [Acme] ACME or EST?

Phillip Hallam-Baker <phill@hallambaker.com> Wed, 26 November 2014 00:34 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 590701A89B3 for <acme@ietfa.amsl.com>; Tue, 25 Nov 2014 16:34:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.278
X-Spam-Level:
X-Spam-Status: No, score=-1.278 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oVjpxyRILcBR for <acme@ietfa.amsl.com>; Tue, 25 Nov 2014 16:34:23 -0800 (PST)
Received: from mail-lb0-x22b.google.com (mail-lb0-x22b.google.com [IPv6:2a00:1450:4010:c04::22b]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ABEE31A89BB for <acme@ietf.org>; Tue, 25 Nov 2014 16:34:22 -0800 (PST)
Received: by mail-lb0-f171.google.com with SMTP id n15so1576595lbi.2 for <acme@ietf.org>; Tue, 25 Nov 2014 16:34:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=NenS4k7d+BeitIUf3f8TYVj7hqhtxcm/8WoZBFQmZxw=; b=rQQ2MpGRKjEWL4Iml1w7/hLvDNoRv853vFkP+OGa2aV67wdRgrGeFdTgzF/2Drs/6R gh9QgACL2cmrO6AGd+LngNcNIq3CtvL6oJg/lrhmmFPMaliVvcRruo1m8HWMbx+DGazJ tx8eWhuL9NpkpXnp2H0QdfDJFkf3EA40IPC/4njxX0PEPJ3XRu63uRZrQVAiIKXPDYSL g0eWK9c2yEn7wzjs/YYHDZJNysRcEKcRaYssu0oy0IZLQY8KmSQHme85tvN1b20S3vsL qCKGERUbZeKvhAkyfDStzc/iFNPQQrRkU+86ajDMHgWsOr7KV2NWKBANC+jps0Bfivzf bQxQ==
MIME-Version: 1.0
X-Received: by 10.152.87.67 with SMTP id v3mr29379096laz.97.1416962061022; Tue, 25 Nov 2014 16:34:21 -0800 (PST)
Sender: hallam@gmail.com
Received: by 10.112.34.212 with HTTP; Tue, 25 Nov 2014 16:34:20 -0800 (PST)
In-Reply-To: <CAL02cgTgpjQffow2XuaNuT7BtqYVttXdVUgyqBFbsAbN4g0VzQ@mail.gmail.com>
References: <AD5940AA-6F01-4D0E-A4E0-19AEA56BBED3@vpnc.org> <CAL02cgTgpjQffow2XuaNuT7BtqYVttXdVUgyqBFbsAbN4g0VzQ@mail.gmail.com>
Date: Tue, 25 Nov 2014 19:34:20 -0500
X-Google-Sender-Auth: B2bNSb2fZwl7ceSmtEn1yT8acy4
Message-ID: <CAMm+Lwje44G2CZLfYJQAAR41CBw7+SCZNwdNPy+zO-VOeHZvkw@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Richard Barnes <rlb@ipv.sx>
Content-Type: text/plain; charset=UTF-8
Archived-At: http://mailarchive.ietf.org/arch/msg/acme/ICRontNqZz035BTCwajdsObGn58
Cc: acme@ietf.org, Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: [Acme] ACME or EST?
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Nov 2014 00:34:24 -0000

How about XKMS? It has much less ASN.1, its all angle brackets.

Stephen F. knows about it, he was the WG chair.


Less ASN.1 is always good.


On Tue, Nov 25, 2014 at 4:55 PM, Richard Barnes <rlb@ipv.sx> wrote:
> A few things off the top of my head:
>
> * If nothing else, much less ASN.1.  (Cf. JOSE vs. CMS)
> * Support for other certificate management functions, e.g., revocation
> * Validation of possession of identifiers
> * Cleaner use of HTTP
>
>
>
> On Tue, Nov 25, 2014 at 4:41 PM, Paul Hoffman <paul.hoffman@vpnc.org> wrote:
>>
>> Greetings again. The abstract of the ACME pre-draft at
>> https://github.com/letsencrypt/acme-spec (which Richard will hopefully
>> publish as a real draft soon) says:
>>
>>    This
>>    document describes a protocol that a certificate authority (CA) and a
>>    applicant can use to automate the process of verification and
>>    certificate issuance. The protocol also provides facilities for
>>    other certificate management functions, such as certificate
>>    revocation.
>>
>> This overlaps a lot with "Enrollment over Secure Transport" (EST),
>> <https://tools.ietf.org/html/rfc7030>.
>>
>> For many people who saw last week's announcement, the main use case of
>> ACME is "make it easy to create a client that can create a key, get it
>> enrolled with a server, get the new certificate back, and install that
>> certificate in a web server". What does/will ACME offer that EST does not
>> already?
>>
>> --Paul Hoffman
>> _______________________________________________
>> Acme mailing list
>> Acme@ietf.org
>> https://www.ietf.org/mailman/listinfo/acme
>
>
>
> _______________________________________________
> Acme mailing list
> Acme@ietf.org
> https://www.ietf.org/mailman/listinfo/acme
>