Re: [Acme] Proposed ACME Charter Language

Russ Housley <housley@vigilsec.com> Wed, 13 May 2015 19:56 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E64121A8A10 for <acme@ietfa.amsl.com>; Wed, 13 May 2015 12:56:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.9
X-Spam-Level:
X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eGKh9yPeAjjY for <acme@ietfa.amsl.com>; Wed, 13 May 2015 12:56:57 -0700 (PDT)
Received: from odin.smetech.net (x-bolt-wan.smeinc.net [209.135.219.146]) by ietfa.amsl.com (Postfix) with ESMTP id 528251A8A0B for <acme@ietf.org>; Wed, 13 May 2015 12:56:57 -0700 (PDT)
Received: from localhost (unknown [209.135.209.5]) by odin.smetech.net (Postfix) with ESMTP id 0FDF79A4046; Wed, 13 May 2015 15:56:47 -0400 (EDT)
X-Virus-Scanned: amavisd-new at smetech.net
Received: from odin.smetech.net ([209.135.209.4]) by localhost (ronin.smeinc.net [209.135.209.5]) (amavisd-new, port 10024) with ESMTP id aHME+t1rpAg2; Wed, 13 May 2015 15:56:25 -0400 (EDT)
Received: from [192.168.2.100] (pool-96-255-145-93.washdc.fios.verizon.net [96.255.145.93]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by odin.smetech.net (Postfix) with ESMTP id CF6AE9A4048; Wed, 13 May 2015 15:56:25 -0400 (EDT)
Mime-Version: 1.0 (Apple Message framework v1085)
Content-Type: text/plain; charset=us-ascii
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <E33E01DFD5BEA24B9F3F18671078951F65279C87@nkgeml501-mbs.china.huawei.com>
Date: Wed, 13 May 2015 15:56:14 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <225FA525-ADBF-4F5C-BD0F-20708C1B9673@vigilsec.com>
References: <6A9C3116-8CC9-472C-8AA8-F555D060834C@vigilsec.com> <55351EAB.1060905@cs.tcd.ie> <E81896AA-245F-48B7-9B38-86AC30D2F82A@vigilsec.com> <553523E4.2090808@cs.tcd.ie> <84718B26-1DA3-4D46-8B6F-B615806229D7@vigilsec.com> <CABcZeBOy2yBEMGMxcDy=E3fvc+OF1sZfvOV7twJHAvKqtrxtLg@mail.gmail.com> <28919F11-9336-41F6-9922-4E3E2DC4E935@gmail.com> <BD7B96B1-CD50-408F-AA06-49C20AB102A6@vigilsec.com> <E33E01DFD5BEA24B9F3F18671078951F65279C87@nkgeml501-mbs.china.huawei.com>
To: Songhaibin (A) <haibin.song@huawei.com>
X-Mailer: Apple Mail (2.1085)
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/RLb-tYLJh1ohrcOXMoQ-5ATBZEs>
Cc: IETF ACME <acme@ietf.org>
Subject: Re: [Acme] Proposed ACME Charter Language
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 May 2015 19:56:59 -0000

Haibin:

There was some language about  documenting the aspects of previous work that prevented it from being used.  After discussion, that was removed.  You seem to be asking for documentation in a different direction, going beyond subject and subject alternative names that are tied to domain names.  The mechanisms are quite different, and I'm not sure that we want to put them all in one working group.  If we discover otherwise, we can always recharter to expand the scope.

Russ


On Apr 29, 2015, at 5:00 AM, Songhaibin (A) wrote:

> And I think at the initial stage, the WG must consider the future extensibility to accommodate other types of certificates (beyond domain name certificates used by web servers). So discussion or documentation about other use cases are also helpful at the initial stage.
> 
> Best Regards!
> -Haibin
> 
> 
>> -----Original Message-----
>> From: Acme [mailto:acme-bounces@ietf.org] On Behalf Of Russ Housley
>> Sent: Sunday, April 26, 2015 5:46 AM
>> To: IETF ACME
>> Subject: Re: [Acme] Proposed ACME Charter Language
>> 
>> Here is the currrent language ...
>> 
>> Russ
>> 
>> = = = = = = = = = =
>> 
>> 
>> Automated Certificate Management Environment (ACME)
>> 
>> Historically, issuance of certificates for Internet applications (e.g., web servers)
>> has involved many manual identity validation steps by the certification
>> authority (CA).  The ACME WG will specify conventions for automated X.509
>> certificate management, including validation of control over an identifier,
>> certificate issuance, certificate renewal, and certificate revocation.  The initial
>> focus of the ACME WG will be on domain name certificates (as used by web
>> servers), but other uses of certificates can be considered as work progresses.
>> 
>> ACME certificate management must allow the CA to verify, in an automated
>> manner, that the party requesting a certificate has authority over the
>> requested identifiers, including the subject and subject alternative names.
>> The processing must also confirm that the requesting party has access to the
>> private key that corresponds to the public key that will appear in the certificate.
>> All of the processing must be done in a manner that is compatible with common
>> service deployment environments, such as hosting environments.
>> 
>> ACME certificate management must, in an automated manner, allow a party
>> that has previously requested a certificate to subsequently request revocation
>> of that certificate.
>> 
>> In order to facilitate deployment by CAs, the ACME protocol must be
>> compatible with common industry standards for the operation of a CA, for
>> example the CA/Browser Forum Baseline Requirements [0].
>> 
>> The starting point for ACME WG discussions shall be draft-barnes-acme.
>> 
>> [0] https://cabforum.org/wp-content/uploads/BRv1.2.3.pdf
>> 
>> _______________________________________________
>> Acme mailing list
>> Acme@ietf.org
>> https://www.ietf.org/mailman/listinfo/acme