Re: [Acme] Considerations about ACME BoF

Warren Kumari <warren@kumari.net> Tue, 31 March 2015 18:03 UTC

Return-Path: <warren@kumari.net>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A900F1A87C5 for <acme@ietfa.amsl.com>; Tue, 31 Mar 2015 11:03:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.978
X-Spam-Level:
X-Spam-Status: No, score=-1.978 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YxYXJ6OqIR26 for <acme@ietfa.amsl.com>; Tue, 31 Mar 2015 11:03:13 -0700 (PDT)
Received: from mail-wi0-f177.google.com (mail-wi0-f177.google.com [209.85.212.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D8F001A8855 for <acme@ietf.org>; Tue, 31 Mar 2015 11:03:10 -0700 (PDT)
Received: by wixo5 with SMTP id o5so23029546wix.1 for <acme@ietf.org>; Tue, 31 Mar 2015 11:03:09 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=wdWiY29fNRV3xbTwu25SJJiHRXC8oywdFfpL6l+BxcE=; b=EcAQT8kHhAURcJGc93kLnepBFh1UHks3DJ8NNqHA95q2wpOj0EGaPuDqt73Wvdt0oj 0ct4CZ8PnQWuUytYh1y10y9aPdIVlb8F80ryxNy4hbVMKJcwUz6wLIM1Kvmq3UZSoKsL sXMeZWfWHfeRbmjbK+GAf+oOkG6yy8xU3bl89bfTSb4Kctu3m5T+jum5pN6YvWgUxMpc ZtDE2b9hram8VGslRY4lmsCRIrOdULYJZNg1tibp6pnXHfvqNotrGdJsnFdKskFZf+w2 gHOuTvnM8hNqUtel7/CeMz1oXST8fI41sG9i2NYbPw6EuVNmLPMiwFnkyQm1fvbsvO7R ml1w==
X-Gm-Message-State: ALoCoQlQyoz8xBRR20knwcGu/I6VgQx982xv65sO3tIqvGcuRChqF8C+KJOH/ZIggoxB6uQin+Ja
MIME-Version: 1.0
X-Received: by 10.180.231.40 with SMTP id td8mr7460675wic.89.1427824989380; Tue, 31 Mar 2015 11:03:09 -0700 (PDT)
Received: by 10.194.110.97 with HTTP; Tue, 31 Mar 2015 11:03:09 -0700 (PDT)
In-Reply-To: <551AB753.7030206@gmail.com>
References: <551569F6.8020507@openca.org> <55157164.80805@cs.tcd.ie> <5519A5B6.9010707@DigiCert.com> <551A162F.9020105@gmail.com> <551A5937.1070608@DigiCert.com> <551AB753.7030206@gmail.com>
Date: Tue, 31 Mar 2015 14:03:09 -0400
Message-ID: <CAHw9_iKCS8i=GGrebF+2pCm_TB5bKm1o=xrB7HOpKZ4QnnCRrQ@mail.gmail.com>
From: Warren Kumari <warren@kumari.net>
To: Yaron Sheffer <yaronf.ietf@gmail.com>
Content-Type: text/plain; charset=UTF-8
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/Ie9UVIqy-duLtGxy9pRYKkOE-ro>
Cc: Scott Rea <Scott.Rea@digicert.com>, acme@ietf.org
Subject: Re: [Acme] Considerations about ACME BoF
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 31 Mar 2015 18:03:20 -0000

On Tue, Mar 31, 2015 at 11:03 AM, Yaron Sheffer <yaronf.ietf@gmail.com> wrote:
> Hi Scott,
>
> On 03/31/2015 01:22 AM, Scott Rea wrote:
>>
>> G'day Yaron,
>>
>> I will make 2 brief observations:
>>
>> a) Max and I actually proposed some usability focused work around TLS
>> certs to the PKIX WG about 6 or 7 years ago, when PKIX was still going
>> strong, and we were told that usability is not the purvey of IETF, its
>> purely bits on the wire. So when did IETF morph from bits on the wire to
>> now include usability?
>>
> The IETF works on bits on the wire that are necessary to achieve business
> goals. And those goals certainly include usability.

... the IETF also works on what the participants in the WG happen to
decide is interesting to them.

Perhaps 6 or 7 years ago the participants in the PKIX WG simply didn't
like your proposal, and decided that they didn't want to work on it.
The "usability isn't the perview of the IETF" may have simply been a
politer way of saying "ick".

I have an idea for protocol that is unusable, and doesn't really
benefit anyone. The protocol is simply bits on the wire; it doesn't
necessarily follow that the IETF will want to work on it :-P


W


>
>> b) Getting a server certificate for a cloud server within seconds, and
>> with no manual intervention is possible today with a little scripting on
>> the server and an appropriate API from one of the existing CAs. If your
>> current provider cannot do that for you, then I suggest you shop around
>> a little.
>
>
> I tried that and failed, I guess I should try some more. But anyway, as a
> customer I would like a standard interface so that this "little scripting"
> doesn't lock me into a single vendor.
>
>>
>> Regards,
>> _Scott
>>
>
> _______________________________________________
> Acme mailing list
> Acme@ietf.org
> https://www.ietf.org/mailman/listinfo/acme



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf