Re: [Acme] WG meeting at IETF 93

John Mattsson, Mon, 06 July 2015 10:38 UTC

From: John Mattsson
To: Ted Hardie
Date: Mon, 6 Jul 2015 10:38:17 +0000
Cc: "Salz, Rich", Robert Skog


I request time to present (focusing on the tunnelling illustrated in Figure 3).

I think there needs to be a discussion on how ACME is supposed to work in domains with more than one web server. During the BoF, Eric Rescorla briefly discussed how to tunnel the ACME protocol, i.e. the scenario illustrated in Figure 3 of draft-mattsson-use-cases. In this scenario the domain owner may like to put restrictions on the issued certificate (e.g. only certain subdomains and limited lifetime). To my understanding, draft-barnes-acme would only allow the domain owner to forward or block the CSR from the web server, and then forward or block the issued certificate from the CA. And to my understanding, there is no mechanism to suggest the lifetime of the certificate.


On 26 Jun 2015, at 19:54, Ted Hardie wrote:


As you've seen from the IESG announcement, ACME has been approved as a working group, so our meeting in Prague will be as a working group rather than a BoF.  The IETF agenda is still tentative, but we're currently scheduled for Thursday, July 23rd, 15:20-17:20, in Karlin I/II.  (There is still a chance that will change, though, so please do not tailor travel to just that time frame!)

Our charter lists draft-barnes-acme as a starting point, and Rich and I are asking the authors to produce an update for the meeting.  We expect some of the working group time in Prague to be a document review/discussion of that draft.

If you have other agenda items you'd like to request time for, please send them to the list.


Ted and Rich