Re: [Acme] kinds of proof
Phillip Hallam-Baker <phill@hallambaker.com> Fri, 28 November 2014 17:20 UTC
To: Paul Hoffman <paul.hoffman@vpnc.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/acme/Ke606hhgEXZUQRpV4bUaY525Ld0
Cc: "acme@ietf.org" <acme@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>

On Fri, Nov 28, 2014 at 10:32 AM, Paul Hoffman <paul.hoffman@vpnc.org> wrote:
> On Nov 28, 2014, at 2:20 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
>> Yep. Fully agree about DV. But DV isn't the only kind of
>> validation I'd like to be supported here.
>>
>> I'd like if it were possible to extend that to include cases
>> where one has control over the web server, but not the DNS.
>
> Those two paragraphs don't really go together. You absolutely can do DV in cases where you don't have control over the DNS; that's basically how all web certificate enrollment happens today.

I think the underlying question is whether we are just going to support one provider of free certs (who has yet to issue one) or support a more general approach. My view is that we should, not least because my employer has been giving away SSL certs for eight years...

The significant change here is the automation. Free isn't enough on its own.

In addition, any new proposal has to work with DANE and with HSTS and CAA. Not at all difficult to do, but does require some thought.