[Acme] Re: Call for adoption: draft-davidben-acme-profile-sets-00 (Ends 2026-01-21)
Mike Ounsworth <ounsworth+ietf@gmail.com> Wed, 21 January 2026 18:31 UTC
Return-Path: <ounsworth@gmail.com>
X-Original-To: acme@mail2.ietf.org
Delivered-To: acme@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 4D9E1AB0DA1E for <acme@mail2.ietf.org>; Wed, 21 Jan 2026 10:31:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ge_mmX54MQsV for <acme@mail2.ietf.org>; Wed, 21 Jan 2026 10:31:23 -0800 (PST)
Received: from mail-oi1-x232.google.com (mail-oi1-x232.google.com [IPv6:2607:f8b0:4864:20::232]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 8561DAB0DA17 for <acme@ietf.org>; Wed, 21 Jan 2026 10:31:23 -0800 (PST)
Received: by mail-oi1-x232.google.com with SMTP id 5614622812f47-45c889aba0dso621807b6e.0 for <acme@ietf.org>; Wed, 21 Jan 2026 10:31:23 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1769020277; cv=none; d=google.com; s=arc-20240605; b=TWq8PfUyn3Ze7c1YdEWhxOBU6T23kkQlAzH9hciyYhURPSBe+3/+YuMsrR7sNOAYx9 cFZhMZ0FUaJHqSBOArp+FDOLwKc3NExtbFD+rBAkkgplnCjKsjN6M3mseRPzarttmeot OKHMOv87bxd2lPkBgCxHYWgsDb5x9e79jqTx9A160GkbezDoJvCbuf1muh89/IfvIR5M LnQRn0JXiRjgWOBPs49aNs59r3Bg7fcCVnRzE/akGqjoIbGVGo5qN+Y//nVLReotqCey mwOFGnevknx52u8UD9niQ+dbJRsRIJs0CvxS5soJB3Qtz/DXRBn0+rF79lB3LEOKygjU GHMQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:dkim-signature; bh=IoxuQPgc9EHGycElJiiV5Rvz0H4ygJJ5tTm8sCZWKbs=; fh=qbD0rqDRG6u0MRicQFa8rDCjV21El8MQZSlAqV30aOw=; b=PDoMRcvHo62IYPpFrjZWbLLOdFttdu5pSFtGyJN7Fppjc2Y50Q55/r2a73fEVIw+3v h073TrxzFexJeJaSqLUHPlQ9m6C29+1tdgFGl6sgB2v6HXmttPh5zW+gNcI3LxKXP5VB OyDqLyukilEetIKGcJEhY6ckB6wiHf69melhyaH027F32wutXLnSD8OwndomMyvXgD1a fUzR/UimBVjOLuz375KUKrgWw8tWhH64Mp972WvK4p9pFEROEULPiVUnbuWEgsg3pjBv UmWZ42SSHSv4lQ/8CAQ4G80ob4mD2kcUm7Kv3X90e0EYC/2AM6wvMOO6hEkVbx9QAiPE sF4Q==; darn=ietf.org
ARC-Authentication-Results: i=1; mx.google.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1769020277; x=1769625077; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=IoxuQPgc9EHGycElJiiV5Rvz0H4ygJJ5tTm8sCZWKbs=; b=I0owg1Pd9PKN3/wEesM7VvdQwF03XjXA1A8IjyXEvCpYM8WXFTmhEIYdFSJgxTGSoa IMaU1QKiGO7BKrW8eGI0QppD+qevUkYxiJJ7+S3wAm+S/7+Hx2zSmtrGPJM2kgh2JXUd 3UlqKCw0ZlYrLhcNJhxLz+rPpFXiw53BxM+TTNdM0h9KfyJC+NU2HEBSf/Z2tvzy+fv9 SsMOyFSFnpT9smBNQmV7Cz9Eh0KmI4iasPIdss3z4zreuUw3X4AbxKA7RNZcGVf2c1FC EhBohafbm56hMj/M4uidyMBLoF/a/FZXi9VM15TcAxNEjh1vkvOTV3cngSCWWvpWB41S gP9Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1769020277; x=1769625077; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=IoxuQPgc9EHGycElJiiV5Rvz0H4ygJJ5tTm8sCZWKbs=; b=r1Ugo7u+ro0bhlQXkPD/1abg1r+vwYTeVOphKeA21h2mYXIjGmXxhMPs3ugk1sJvK4 EOeUO2N+Vnt0N6k3eyDAvLAKlB14MQhkOVTrz/RTj35TlsPMKMA0HHjo7GyYZZwBPHVx 8z9Uj9RlGak4N4bBlGlm1FhlBR0hBr+4JHV5y9tBOso/RXi+Qx6SR69r7TISUT8VGAOe m9CippdIS8OctAsFcehCajbIrQUiH9nZKY1jQfAaFVLxLa8kmmTeaohh6qrcuZlRL2Xo zm0GfP4tVn2XoRRNwacmtNFRBvDAPPpIJpiTWOiRrRQpWAWaYCrTK+DTlDqPZyjCPeAV TL0w==
X-Forwarded-Encrypted: i=1; AJvYcCXkALw7BikZjaDMu7eVqqhkUc1QyfP2QDzBoF7JjmkSJ3lkWbH/vWme8k810FEkeAJeORtB@ietf.org
X-Gm-Message-State: AOJu0YwMN38GbkGu4G83hTekoDmGrheljVmASNw28NslGf+cCcS817XL KfqQK2NL+E/lt/LcefRmTq2mccHE13MNUMVRaOW2/dw4f4KvLW/JQbRlWKYvrHJYTLibCLrNFXH oHToZtl9FptjgPZa5g4yaWpinHyGy/o0=
X-Gm-Gg: AZuq6aL9rJdcKPFG989bHBkKa9Pcb58IRp7+xTmZd7ARB1maj7gGVwR0kO7b0KPuhbJ 6hlkkRkG3OEWubp7k80kPT5kU9j5Wgqy4kigM5iJy2W1tebCa9ZUfPTI+0XvABLm6F8h8JRcQXc bIIrCtn49JliD2iJFx5ElU7suiqmRa3/7LS+f3jRIIRuAZwbWf5+CaKjQVjwAs7YRyrey5NtQmA XdsXHb0PtqwRAaTVbgPc6IyNNfBm8LuUK4N0MSL1uUnh4mw0y8b6arvlcZFXtakPYKrTqPQlA==
X-Received: by 2002:a05:6820:4a8e:b0:661:8a3:ad19 with SMTP id 006d021491bc7-662c1c0844emr169621eaf.30.1769020276988; Wed, 21 Jan 2026 10:31:16 -0800 (PST)
MIME-Version: 1.0
References: <176782035446.3829944.17475670312912489816@dt-datatracker-5656579b89-p6k4r> <24181.1767891597@obiwan.sandelman.ca> <CAF8qwaA_YoS88c+wdijQ_L7enhTqJR2mfA5qPtxK0i4Zp9iMKA@mail.gmail.com> <30891.1767983578@obiwan.sandelman.ca> <CAEmnErccNVo1gK6OiTxghSb12bd=JZdh1N-zGzfEAcF7FnDHyA@mail.gmail.com> <29993.1768065536@obiwan.sandelman.ca>
In-Reply-To: <29993.1768065536@obiwan.sandelman.ca>
From: Mike Ounsworth <ounsworth+ietf@gmail.com>
Date: Wed, 21 Jan 2026 12:31:05 -0600
X-Gm-Features: AZwV_QiVwZMdok2zNKtfkpZ2E7d9eZnIvbq9E9MU263-NYNiA1Oh1_48aKTkjSw
Message-ID: <CAKZgXHoqxW76ZkexnztWtsuYB+sfoASMiVJQgQeSw=mU6U+Czw@mail.gmail.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Content-Type: multipart/alternative; boundary="00000000000035e1990648ea21fb"
Message-ID-Hash: SCW73T6CYOA2IFGTAEKQVEB5OI2ZX23V
X-Message-ID-Hash: SCW73T6CYOA2IFGTAEKQVEB5OI2ZX23V
X-MailFrom: ounsworth@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-acme.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Aaron Gable <aaron@letsencrypt.org>, acme@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Acme] Re: Call for adoption: draft-davidben-acme-profile-sets-00 (Ends 2026-01-21)
List-Id: Automated Certificate Management Environment <acme.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/JAoyUSelFCiE_His0Iwl83p3QcA>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Owner: <mailto:acme-owner@ietf.org>
List-Post: <mailto:acme@ietf.org>
List-Subscribe: <mailto:acme-join@ietf.org>
List-Unsubscribe: <mailto:acme-leave@ietf.org>
[still chair-hat off]
Aaron said:
> This is exactly what happens today. If a client submits a CSR containing
an unacceptable key algorithm, the CA rejects it with
urn:ietf:params:acme:error:badCSR and a descriptive message stating what
was wrong. ACME doesn't help clients automatically figure out what key to
use. ACME Profiles doesn't help clients automatically figure out what key
to use. Why would ACME Profile Sets be expected to do so?
I think think this discussion has finally gotten to the core of the issue,
and this comment from Aaron is it.
Facts:
* The "A" in "ACME" stands for "Automated". In its design, we should be
aiming to increase automation and reduce error conditions that need human
intervention.
* There are CSRs that a CA will reject because the client key algorithm is
bad or unrecognized, such as RSA-512, or ECDSA with some custom curve, or
some wild experimental PQ algorithm.
* We can speculate about how CA/B F will handle this in the future, for
example will an RSA CA be allowed to issue certs for ML-DSA EEs? But in my
opinion we don't have enough clarity to bake these into underlying
assumptions of standards documents.
* ACME as it exists today does not allow for automation of the choice of
client algorithm -- the ACME order will fail with an error requiring human
intervention (ie you configured it wrong).
* draft-ietf-acme-profiles helps this problem because it's still static
config: if your first request against a given profile succeeded, then every
subsequent request should also succeed. IE it still fits the
"set-and-forget" paradigm. And profiles gives CAs a way to make big
breaking changes (like a new root that may not have full adoption) and put
that under a new profile, and then do the normal adoption-deprecation thing.
* draft-davidben-acme-profile-sets-00 undoes this by introducing a layer of
non-static config that the CA is free to change at any time, which I'm
afraid makes ACME no longer "set-and-forget" because the CA could, for
example, add a new profile to the profile-set, and that could cause an ACME
Client to blow up, requiring manual intervention and leaving your TLS
servers without certs.
So my personal opinion is that DavidBen has presented an interesting
problem -- if we imagine that in the future, TLS servers will get maximum
interop by being provisioned with multiple certs, then does it help for the
CA to advertize bundles of recommended cert profiles? But it's not clear to
me that this is a problem that needs to be solved. And even if the problem
statement is sound, I fear that the proposed solution introduces harmful
error cases to ACME that could cause a working ACME client config to
suddenly start throwing errors and grind your prod env to a halt if the CA
changes the profile-set in a way that the ACME Client can't handle -- IE
this draft breaks the "set-and-forget" nature of ACME. So, unfortunately, I
feel that this document is not ready for adoption.
[chair hat back on]
I will circle up with my co-chair to objectively review this thread and
make an official consensus call.
On Sat, 10 Jan 2026 at 11:19, Michael Richardson <mcr+ietf@sandelman.ca>
wrote:
>
> Aaron Gable <aaron@letsencrypt.org> wrote:
> > On Fri, Jan 9, 2026 at 10:33 AM Michael Richardson <
> mcr+ietf@sandelman.ca>
> > wrote:
>
> >> Why not? Will an ACME CA sign certificates with arbitrary
> algorithms
>
> > present? Can I have DSA-768? Or RSA-8192 keys? Or DAGS (one of
> the
> >> defeated algorithms from PQ-round 1)? Can I use MD5 as the hash?
> >> The answer I hope, is no. So, CAs *DO* determine what keys are
> used.
> >> But, this profile system doesn't actually help end users know what
> to do.
> >>
>
> > This is exactly what happens today. If a client submits a CSR
> containing an
> > unacceptable key algorithm, the CA rejects it with
> > urn:ietf:params:acme:error:badCSR and a descriptive message stating
> what
> > was wrong. ACME doesn't help clients automatically figure out what
> key to
> > use. ACME Profiles doesn't help clients automatically figure out
> what key
> > to use. Why would ACME Profile Sets be expected to do so?
>
> The document says:
>
> [I-D.ietf-acme-profiles] defines ACME profiles, a mechanism for ACME
> Clients to choose between different certificate profiles from a
> single ACME Server. However, in applications that require
> certificates from multiple profiles, an ACME Client must know WHICH
> PROFILES ARE NEEDED, and be updated over time.
>
> This document extends ACME profiles with _profile sets_. A profile
> set is a set of related profiles, defined by the ACME Server. As
> PKIs evolve, the ACME Server CAN UPDATE ITS PROFILE SETS TO REFLECT
> RELYING PARTY NEEDS. In particular, if satisfying all relying
> parties with a single profile would be infeasible or inefficient, the
> ACME Server can add a profile to the profile set.
>
> So, the purpose of this document is allow an ACME Server to indicate some
> interesting properties about it's profile(sets). If an ACME client knows
> (as you say it must) that it needs key-type-A (with trust anchor from
> type-A)
> and key-type-B, then it ought to be able to find a profile that satisfies
> it.
> To do that, the profile(sets) need to machine readable.
>
> >> I strongly disagree.
> >> Of course, you can't use an algorithm that you have no operational
> code
> >> for.
> >> You also can't get a certificate signed for an algorithm the CA
> doesn't
> >> understand.
> >> The working thing is the common subset of the two.
> >> If profiles or profile-sets can not tell the client what the CA
> would
> >> accept,
> >> then they are useless to me.
> >>
>
> > Repeating myself, why? An ACME directory URL can't tell you what the
> CA
> > would accept, either.
>
> Who said these are directory URLs? I didn't.
>
> > Now, I do think there is some nuance here. If, for example, a CA
> said that
> > they were only going to use their classical hierarchy to issue certs
> over
> > classical keys, and only use their PQ hierarchy to issue certs over
> PQ
> > keys, then a profile set of {"defaultProfileSet":
> {"classicalProfile",
> > "pqProfile"}} would likely be unworkable -- there's no way to tell
> the
>
> Unworkable because nothing here says anything about that policy.
> Only a human could guess that.
>
> (The names, I think we agree, are just sequences of letters, and have no
> meaning)
>
> --
> ] Never tell me the odds! | ipv6 mesh
> networks [
> ] Michael Richardson, Sandelman Software Works | IoT
> architect [
> ] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on
> rails [
>
>
>
>
>
>
> --
> Michael Richardson <mcr+IETF@sandelman.ca> . o O ( IPv6 IøT consulting )
> Sandelman Software Works Inc, Ottawa and Worldwide
>
>
>
>
> _______________________________________________
> Acme mailing list -- acme@ietf.org
> To unsubscribe send an email to acme-leave@ietf.org
>
- [Acme] Re: Call for adoption: draft-davidben-acme… Sven A Rajala
- [Acme] Call for adoption: draft-davidben-acme-pro… Mike Ounsworth via Datatracker
- [Acme] Re: Call for adoption: draft-davidben-acme… Mike Ounsworth
- [Acme] Re: Call for adoption: draft-davidben-acme… David Benjamin
- [Acme] Re: Call for adoption: draft-davidben-acme… Michael Richardson
- [Acme] Re: Call for adoption: draft-davidben-acme… Michael Richardson
- [Acme] Re: Call for adoption: draft-davidben-acme… David Benjamin
- [Acme] Re: Call for adoption: draft-davidben-acme… Michael Richardson
- [Acme] Re: Call for adoption: draft-davidben-acme… Ilari Liusvaara
- [Acme] Re: Call for adoption: draft-davidben-acme… Mike Ounsworth
- [Acme] Re: Call for adoption: draft-davidben-acme… David Benjamin
- [Acme] Re: Call for adoption: draft-davidben-acme… David Benjamin
- [Acme] Re: Call for adoption: draft-davidben-acme… David Benjamin
- [Acme] Re: Call for adoption: draft-davidben-acme… Mike Ounsworth
- [Acme] Re: Call for adoption: draft-davidben-acme… Ilari Liusvaara
- [Acme] Re: Call for adoption: draft-davidben-acme… Ilari Liusvaara
- [Acme] Re: Call for adoption: draft-davidben-acme… Michael Richardson
- [Acme] Re: Call for adoption: draft-davidben-acme… Aaron Gable
- [Acme] Re: Call for adoption: draft-davidben-acme… Michael Richardson
- [Acme] Re: Call for adoption: draft-davidben-acme… Mike Ounsworth