[Acme] Protocol Action: 'Support for Short-Term, Automatically-Renewed (STAR) Certificates in Automated Certificate Management Environment (ACME)' to Proposed Standard (draft-ietf-acme-star-11.txt)
The IESG <iesg-secretary@ietf.org> Thu, 24 October 2019 13:51 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/VFZwgSb_1gQGFv1ck4JOLOIWWUw>
The IESG has approved the following document:

- 'Support for Short-Term, Automatically-Renewed (STAR) Certificates in Automated Certificate Management Environment (ACME)' (draft-ietf-acme-star-11.txt) as Proposed Standard

This document is the product of the Automated Certificate Management Environment Working Group.

The IESG contact persons are Benjamin Kaduk and Roman Danyliw.

A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-acme-star/

Technical Summary

  Public-key certificates need to be revoked when they are compromised, that is, when the associated private key is exposed to an unauthorized entity. However, the revocation process is often unreliable. An alternative to revocation is issuing a sequence of certificates, each with a short validity period, and terminating this sequence upon compromise. This memo proposes an ACME extension to enable the issuance of short-term and automatically renewed (STAR) X.509 certificates.

Working Group Summary

  This document reflects WG consensus. A review by the designated expert for the pertinent registries resulted in revision of the draft after IETF LC; the revised draft was then rerun through the WG.

Document Quality

  The document has been in circulation for 2.5 years and has been a WG document for 2 years. During this time it has received a variety of reviews, resulting in significant changes. Although discussion has been light, the document reflects WG consensus.

  ** The MAMI implementation of this draft is being integrated with the OSM orchestrator [0] for NFV workloads;
  ** GSMA is considering ACME STAR as one of the reference solutions for handling encrypted content in CDNI (see also [1]);
  ** There has been discussion related to the use of short-term certs for non-web use cases (see [2]), for example in the ANIMA control plane [3];
  ** The CDNI working group plans to use this work.

  [0] https://osm.etsi.org
  [1] https://datatracker.ietf.org/doc/draft-ietf-cdni-interfaces-https-delegation
  [2] https://www.ietf.org/archive/id/draft-nir-saag-star-01.txt
  [3] https://datatracker.ietf.org/doc/draft-ietf-anima-autonomic-control-plane

Personnel

  Rich Salz is the document shepherd; Roman Danyliw is the responsible AD.
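The Technical Summary above states the security argument for STAR in one sentence: a compromised key stays usable only until the last already-issued short-lived certificate expires, and terminating the sequence needs no cooperation from relying parties, unlike revocation. The following toy model, added here as an illustration and not taken from the draft or any ACME implementation, makes that bound concrete. It simulates an in-memory "CA" that pre-issues certificates for one recurrent order on a fixed cadence, a client that fetches the newest valid one, and the order being terminated at the moment of compromise; the class and function names, the 3-hour lifetime, 1-hour renewal interval and compromise time are all constructed for this example and are not ACME STAR protocol fields.

```python
"""
Toy model of STAR-style issuance (constructed illustration, not the ACME STAR
protocol): a CA authorizes one order, then issues a sequence of short-lived
certificates on a fixed cadence until the order is terminated. The quantity
of interest is how long a compromised key remains usable after termination.
"""
from dataclasses import dataclass, field


@dataclass
class Cert:
    serial: int
    not_before: int   # seconds since an arbitrary epoch (constructed timeline)
    not_after: int

    def valid_at(self, now: int) -> bool:
        return self.not_before <= now < self.not_after


@dataclass
class StarOrder:
    """One recurrent order: lifetime and renewal cadence are fixed when authorized."""
    lifetime: int             # validity period of each certificate, in seconds
    renewal_interval: int     # how often the CA pre-issues the next certificate
    issued: list = field(default_factory=list)
    terminated: bool = False
    _next_serial: int = 1
    _next_not_before: int = 0

    def issue_due(self, now: int) -> list:
        """CA side: issue every certificate whose start time has arrived.
        Once the order is terminated, nothing further is ever issued."""
        new = []
        while not self.terminated and self._next_not_before <= now:
            cert = Cert(self._next_serial, self._next_not_before,
                        self._next_not_before + self.lifetime)
            self.issued.append(cert)
            new.append(cert)
            self._next_serial += 1
            self._next_not_before += self.renewal_interval
        return new

    def current(self, now: int):
        """Client side: the newest certificate that is valid right now, if any."""
        valid = [c for c in self.issued if c.valid_at(now)]
        return max(valid, key=lambda c: c.not_before) if valid else None

    def terminate(self) -> None:
        self.terminated = True


def max_exposure_after_compromise(order: StarOrder, compromise_time: int) -> int:
    """Terminate the order and return how many seconds after compromise_time
    some already-issued certificate is still within its validity period."""
    order.terminate()
    last_expiry = max((c.not_after for c in order.issued), default=compromise_time)
    return max(0, last_expiry - compromise_time)


def simulate(lifetime: int = 3 * 3600, renewal_interval: int = 3600,
             compromise_time: int = 5 * 3600 + 600) -> dict:
    """Run the CA cadence up to the compromise, terminate, and report the bound."""
    order = StarOrder(lifetime=lifetime, renewal_interval=renewal_interval)
    # The CA issues on its own clock; overlapping lifetimes mean the client
    # always has a valid certificate to fetch before the previous one expires.
    for tick in range(0, compromise_time + 1, renewal_interval):
        order.issue_due(tick)
    at_compromise = order.current(compromise_time)
    exposure = max_exposure_after_compromise(order, compromise_time)
    # A later CA tick must issue nothing once the order has been terminated.
    assert order.issue_due(compromise_time + renewal_interval) == []
    after_window = order.current(compromise_time + exposure)
    return {
        "certs_issued": len(order.issued),
        "serial_at_compromise": at_compromise.serial if at_compromise else None,
        "exposure_seconds": exposure,
        "bounded_by_lifetime": exposure <= lifetime,
        "valid_cert_after_window": after_window is not None,
    }


if __name__ == "__main__":
    print(simulate())
```

With the constructed defaults (3-hour certificates renewed hourly, compromise at 5h10m) the CA has issued six certificates, the newest of which expires at 8h, so the key stays usable for 2h50m (10200 s) and never longer than one lifetime; after that point the client finds no valid certificate at all. The parameter a deployment actually chooses is the lifetime, since it is both the exposure bound and the renewal burden on the CA.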