Re: [Acme] case in point of usability

Warren Kumari <warren@kumari.net> Wed, 01 April 2015 13:00 UTC

Return-Path: <warren@kumari.net>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3EA6B1A8AD9 for <acme@ietfa.amsl.com>; Wed, 1 Apr 2015 06:00:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.978
X-Spam-Level:
X-Spam-Status: No, score=-1.978 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G4SEaQTpihY8 for <acme@ietfa.amsl.com>; Wed, 1 Apr 2015 06:00:36 -0700 (PDT)
Received: from mail-wg0-f49.google.com (mail-wg0-f49.google.com [74.125.82.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 665511A1A2E for <acme@ietf.org>; Wed, 1 Apr 2015 06:00:36 -0700 (PDT)
Received: by wgbdm7 with SMTP id dm7so52533549wgb.1 for <acme@ietf.org>; Wed, 01 Apr 2015 06:00:35 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=ZXyw4f9T/srEXVDb4UmW6JvmOWBhmZqQXPTBbXf2ZAw=; b=ZR5On7JKUNeU/y4KElGGJ4m8yIkNcId7q5nuIDaOmiOUwVG5rRPLAcHRXGCCJCbpRe PKL6VeyWDadErVKn1/n6W3+sDd20Q4sHRbyBRBtNnNAq6aOvgzkIljeJxcjxJPW+EJzM GV+R5TfbyVkEYHKbeuFPWPv/b4LPlA+jnPZwqaPYLvkFRHdNoRGaCLoN57vlaKDVr/Wj A61oDm54RpXs4g1DOotYEYWwmByTHiuDm+tRaSpTUY7o4W1nNckmoKAGJg5T6VogGlKf 6fjehDvcUYa94xdj3Zfz5+EXcFJ3q+gr9ASI2Qip+Qf/2bQ5nB1vj6lELxf6+DwelLaC w2hA==
X-Gm-Message-State: ALoCoQn4IulrhVISesZ/wBpht78wNZ5zQjdFPfIrU1a5sj2gujLz9lKJm0WUuYh0R8Q0r4to75Wc
MIME-Version: 1.0
X-Received: by 10.180.91.162 with SMTP id cf2mr14633522wib.61.1427893235033; Wed, 01 Apr 2015 06:00:35 -0700 (PDT)
Received: by 10.194.110.97 with HTTP; Wed, 1 Apr 2015 06:00:34 -0700 (PDT)
In-Reply-To: <551AB92F.6080004@cs.tcd.ie>
References: <551AB92F.6080004@cs.tcd.ie>
Date: Wed, 1 Apr 2015 09:00:34 -0400
Message-ID: <CAHw9_iKYcXwO7yEgEA2fZWonOdh6rbMjNWq+XbTzu+Hpim1=rg@mail.gmail.com>
From: Warren Kumari <warren@kumari.net>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/Pye5zETwW9a4IVRqXsqwhNuMboA>
Cc: "acme@ietf.org" <acme@ietf.org>
Subject: Re: [Acme] case in point of usability
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Apr 2015 13:00:38 -0000

On Tue, Mar 31, 2015 at 11:11 AM, Stephen Farrell
<stephen.farrell@cs.tcd.ie> wrote:
>
> So today I was updating a web server cert as I do a few
> times a year. And I have a usability story to tell...
>
> I got the new cert and installed it in apache without any
> Cullen-like problems:-) That cost me €0.00 in payment and
> about 5-10 minutes. All good so far.
>
> Chrome was happy, but FF/opera/my phone weren't.
>

[ Long tale of woe snipped ]

> I hope this helps those who are worried that acme is
> only about business models. In my head what acme ought
> be about is getting rid of that 1 hour of silly sysadmin
> time I just spent - the system-automated web server s/w
> update should just have done all of this for me without
> me even having to know a new cert was needed until I
> get the system update email tomorrow.
>

Something that is obvious, but probably worth mentioning is that you
actually have /some/ clue about this sort of thing, and were still
foiled.
Most admins have no idea what OSCP, CMP, CMC, PKCS#10, EST, SCEP, CRMF
or even a PKI *are* -- nor should they have to....


> Cheers,
> S.
>
> PS: Apologies, Cullen but it's your own fault:-)

I missed Acme, but Cullen's sadness has been mentioned many times now
-- sounds like I missed much entertainment...
W

>
> _______________________________________________
> Acme mailing list
> Acme@ietf.org
> https://www.ietf.org/mailman/listinfo/acme



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf