[Acme] draft-misell-acme-onion

Q Misell <q@as207960.net> Sat, 15 April 2023 16:23 UTC

From: Q Misell <q@as207960.net>
Date: Sat, 15 Apr 2023 17:22:53 +0100
Message-ID: <CAMEWqGuuRsYF-EoFs44DSZ0X0z5iOuKa8iMC38Yuh24F0fWYXQ@mail.gmail.com>
To: acme@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/PAxkQMlLvhX828yzvv_fo7xBoP8>
Subject: [Acme] draft-misell-acme-onion

Hi all,

Hope you've all recovered from IETF 116; it was lovely seeing you all there.
Thanks to those who already gave me feedback on my draft.

As promised in my brief presentation at the WG meeting, here's my post
introducing my draft, draft-misell-acme-onion
<https://datatracker.ietf.org/doc/draft-misell-acme-onion/>, to ease
issuance of certificates to Tor hidden services.

DigiCert and HARICA already issue X.509 certificates to Tor hidden services
but there is no automation whatsoever on this. From my discussions with the
Tor community this is something that bothers them so I've taken to writing
this draft to hopefully address that.

The draft defines three ways of validation:
- http-01 over Tor
- tls-alpn-01 over Tor
- A new method onion-csr-01, where the CSR is signed by the key of the
onion service

An explicit non-goal is to define validation methods not already approved
by the CA/BF; however, if someone can make a compelling argument for an
entirely novel method I wouldn't be entirely opposed to it.

Looking forward to your feedback, and some indication that this would be
worth adopting as a WG draft.

Thanks,
Q Misell
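A worked example to accompany the third validation method listed above. This is editorial code added here, not code from the draft or from its author, and it does not implement the onion-csr-01 challenge itself (the CSR attributes and nonce handling that the draft specifies are not reproduced on this page). It shows only the check that any CSR-based onion validation ultimately rests on: that the public key in the CSR is the key behind the requested .onion identifier. The v3 onion address layout used here is the one from the Tor rendezvous specification (base32 of PUBKEY || CHECKSUM || VERSION, with CHECKSUM the first two bytes of SHA3-256(".onion checksum" || PUBKEY || VERSION) and VERSION = 0x03); the sample key is a constructed value, and the function names are this example's own.

```python
import base64
import hashlib
import hmac

# Constants from the Tor v3 onion address format (rend-spec-v3).
ONION_VERSION = b"\x03"
CHECKSUM_PREFIX = b".onion checksum"
B32_ALPHABET = "abcdefghijklmnopqrstuvwxyz234567"
ONION_SUFFIX = ".onion"


def onion_checksum(pubkey: bytes) -> bytes:
    """First two bytes of SHA3-256(".onion checksum" || PUBKEY || VERSION)."""
    return hashlib.sha3_256(CHECKSUM_PREFIX + pubkey + ONION_VERSION).digest()[:2]


def onion_address_from_pubkey(pubkey: bytes) -> str:
    """Derive the v3 .onion address for a raw 32-byte ed25519 public key."""
    if len(pubkey) != 32:
        raise ValueError("ed25519 public key must be exactly 32 bytes")
    raw = pubkey + onion_checksum(pubkey) + ONION_VERSION  # 35 bytes = 56 base32 chars
    return base64.b32encode(raw).decode("ascii").lower() + ONION_SUFFIX


def pubkey_from_onion_address(address: str) -> bytes:
    """Parse a v3 .onion address, verifying length, alphabet, version and checksum.

    Raises ValueError on anything malformed, so a CA can reject a bad identifier
    in the order before it ever starts a challenge for it.
    """
    addr = address.strip().lower()
    if not addr.endswith(ONION_SUFFIX):
        raise ValueError("identifier is not a .onion name")
    label = addr[: -len(ONION_SUFFIX)]
    if len(label) != 56 or any(c not in B32_ALPHABET for c in label):
        raise ValueError("not a v3 onion address (expected 56 base32 characters)")
    raw = base64.b32decode(label.upper())  # 56 chars decode to exactly 35 bytes
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != ONION_VERSION:
        raise ValueError("unsupported onion address version")
    if not hmac.compare_digest(checksum, onion_checksum(pubkey)):
        raise ValueError("onion address checksum mismatch")
    return pubkey


def csr_key_matches_identifier(csr_pubkey: bytes, identifier: str) -> bool:
    """The core CA-side check: does the CSR's ed25519 key own the requested .onion?

    `csr_pubkey` is the raw 32-byte subject public key taken from the CSR
    (extracting it from the DER is out of scope here). Signature verification of
    the CSR and the draft's nonce handling would sit alongside this check.
    """
    try:
        expected = pubkey_from_onion_address(identifier)
    except ValueError:
        return False
    return hmac.compare_digest(csr_pubkey, expected)


if __name__ == "__main__":
    # Constructed sample key; a real one would be the public half of the
    # service's hs_ed25519 identity key.
    sample_key = bytes(range(32))
    addr = onion_address_from_pubkey(sample_key)
    print(addr)
    print("matches:", csr_key_matches_identifier(sample_key, addr))
    print("wrong key matches:", csr_key_matches_identifier(bytes(32), addr))
```

Two properties of the format are worth knowing when reviewing an implementation: every v3 address is exactly 56 characters before ".onion", and because the trailing version byte is 0x03 every valid address ends in the letter "d". A CA that accepts an onion identifier without re-deriving the checksum is trusting the client to have spelled the address correctly, which is exactly the kind of check the validation is supposed to replace.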