[Acme] Wildcard Certificate for ACME protocol / Letsencrypt project?

"Fabio Pietrosanti (naif) - lists" <lists@infosecurity.ch> Sat, 17 January 2015 10:54 UTC

Return-Path: <lists@infosecurity.ch>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9D1DC1ACCE2 for <acme@ietfa.amsl.com>; Sat, 17 Jan 2015 02:54:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 77hv3mh4WcNT for <acme@ietfa.amsl.com>; Sat, 17 Jan 2015 02:54:05 -0800 (PST)
Received: from mail-wi0-f179.google.com (mail-wi0-f179.google.com [209.85.212.179]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 764D71ACCDF for <acme@ietf.org>; Sat, 17 Jan 2015 02:54:05 -0800 (PST)
Received: by mail-wi0-f179.google.com with SMTP id ho1so8327844wib.0 for <acme@ietf.org>; Sat, 17 Jan 2015 02:54:04 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:sender:message-id:date:from:user-agent :mime-version:to:subject:content-type:content-transfer-encoding; bh=rYw/7AtA0+nmlH5O9dXQHBqIqOtPAuEswDtGgmMZSIc=; b=FqMFWjC81z4pb5CBwME5ztEhFouioGothPcmuTagczeazraZMy/O4SBblY5WAaiF6Q Oj3A9mbLPCNUZbKLX2RjJ6dtbcaSzl0ms4xSqyWVA3LaUhjg8tb+m8S5f2I/KdnVQpgG 13m7TgUH2YkCFM6CgdHMNJjKI9qlJAVYGucOEoa1swWnqXRToqtNhvKfMf+RqfUpDyGg IQo2jRsKVlhdi/pojlp/B1YR7HAcH7eZnXvpnCJMJWwFgRVeAX7HPo9nDQ9MKLnW5p3e Pzjm2ha3/8+EMM7XXaael3eg49zi9MDUlDFCgXHBOPDLnvmQzYGJs5fO/MmCDVs1ZrRx ANyw==
X-Gm-Message-State: ALoCoQkRfhW5JEPaJymNP7bDhO6aM11jAlnZ0Fk7qYkKjmHHqqCWbIrwjcUCMRBGZVXHpB9HeN+J
X-Received: by 10.194.175.69 with SMTP id by5mr37777154wjc.32.1421492044239; Sat, 17 Jan 2015 02:54:04 -0800 (PST)
Received: from MacBookAir-2.local (ip-2-116-wsl.customer.panservice.it. [212.66.116.2]) by mx.google.com with ESMTPSA id t12sm9358039wju.19.2015.01.17.02.54.02 for <acme@ietf.org> (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 17 Jan 2015 02:54:03 -0800 (PST)
Sender: Fabio Pietrosanti <naif@infosecurity.ch>
Message-ID: <54BA3F4A.7050901@infosecurity.ch>
Date: Sat, 17 Jan 2015 11:54:02 +0100
From: "Fabio Pietrosanti (naif) - lists" <lists@infosecurity.ch>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Thunderbird/31.3.0
MIME-Version: 1.0
To: acme@ietf.org
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/XdvktPnBT4qpNt4LCm8J1t60kCk>
Subject: [Acme] Wildcard Certificate for ACME protocol / Letsencrypt project?
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 17 Jan 2015 10:54:07 -0000

Hi,

are there plans, or have specs already been defined, to manage wildcard
certificates (i.e. *.domain.TLD) with the ACME protocol and the Letsencrypt CA
project?

I ask this because at the Tor2web project [1][2][3] we use wildcard
certificates to enable internet access to Tor's Hidden Services
resources (and soon i2p too).

One of the problems in making the Tor2web network grow in numbers is
related to the "costs" of wildcard certificates.

With the upcoming Letsencrypt free-automated-CA-revolution, this could
change the economic effort required to start up and run a Tor2web node by
a volunteer.

But to do that, it would be required to issue wildcard certificates
within the automated CA of letsencrypt.

If it is possible to have wildcard certificates, we could automate
the issuing/setup process within Tor2web software, making it extremely
easy and cost-effective to set up.


[1] http://logioshermes.org/home/projects-technologies/tor2web/
[2] https://tor2web.org
[3] https://github.com/globaleaks/Tor2web-3.0/wiki


-- 
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - https://globaleaks.org - https://tor2web.org -
https://ahmia.fi
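The post asks for wildcard certificates of the form *.domain.TLD. What such a name actually covers is narrower than people often assume, and that matters when deciding whether one automated wildcard certificate is enough for a deployment like the one described. The following is an added example, not code from the original post or from the Tor2web project: it implements the hostname-matching rules (RFC 6125 section 6.4.3, as browsers and common TLS libraries apply them) for a certificate name against a hostname, and all domain names in it are constructed for illustration.

```python
"""Added example (not from the original mailing-list post or Tor2web):
how a wildcard certificate name such as *.domain.TLD is matched against
a hostname under the RFC 6125 / RFC 2818 rules that browsers and TLS
libraries apply. The domain names used here are constructed samples."""


def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Return True if `hostname` is covered by the certificate name `pattern`.

    Rules applied (RFC 6125 section 6.4.3, as commonly implemented):
    - comparison is case-insensitive and label-wise;
    - a wildcard is honoured only as the complete leftmost label ("*.");
    - the wildcard matches exactly one label, never zero and never several,
      so *.domain.tld covers host.domain.tld but not domain.tld or
      a.b.domain.tld;
    - a wildcard directly under a TLD ("*.tld") is rejected.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not pattern or not hostname:
        return False
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")

    if "*" not in pattern:
        # Plain name: exact label-wise match only.
        return p_labels == h_labels

    # Only "*" as the entire leftmost label is allowed; "f*.example.org"
    # style partial wildcards and wildcards in later labels are rejected.
    if p_labels[0] != "*" or any("*" in label for label in p_labels[1:]):
        return False
    if len(p_labels) < 3:
        # Reject "*.com" / "*.tld": too broad to be issued or accepted.
        return False
    if len(h_labels) != len(p_labels):
        # The wildcard stands in for exactly one label.
        return False
    return h_labels[1:] == p_labels[1:]


def covered_names(cert_names, hostnames):
    """Map each hostname to the certificate names (SAN entries) covering it.

    An empty list for a hostname means the certificate would fail
    validation for that name, which is the check an operator wants before
    relying on a single wildcard certificate for a whole deployment.
    """
    return {
        host: [name for name in cert_names if wildcard_matches(name, host)]
        for host in hostnames
    }


if __name__ == "__main__":
    # Constructed sample: a wildcard SAN plus the bare apex name.
    sans = ["*.tor2web.example", "tor2web.example"]
    hosts = [
        "abcdefghijklmnop.tor2web.example",   # one label: covered
        "tor2web.example",                    # apex: covered by plain SAN
        "a.b.tor2web.example",                # two labels: not covered
    ]
    for host, names in covered_names(sans, hosts).items():
        print(f"{host:40} -> {names or 'NOT COVERED'}")
```

The point the example makes for a deployment that maps service identifiers to one subdomain each is that a single *.domain.TLD name suffices, while any scheme that nests a further label (a.b.domain.TLD) needs a separate certificate or SAN, because one wildcard never spans two labels.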