Re: [Acme] ACME or EST?

Richard Barnes <rlb@ipv.sx> Tue, 25 November 2014 22:24 UTC

In-Reply-To: <DEC7A8A8-563D-41B3-94AC-71DC7219D3F8@cisco.com>
References: <AD5940AA-6F01-4D0E-A4E0-19AEA56BBED3@vpnc.org> <CAL02cgTgpjQffow2XuaNuT7BtqYVttXdVUgyqBFbsAbN4g0VzQ@mail.gmail.com> <DEC7A8A8-563D-41B3-94AC-71DC7219D3F8@cisco.com>
Date: Tue, 25 Nov 2014 17:24:22 -0500
Message-ID: <CAL02cgTETDJLkuXtqh97JXi83ezpvGtYXmGKWVaOcc_H0LH9GQ@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
To: "Joe Hildebrand (jhildebr)" <jhildebr@cisco.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/acme/YHuEWdwfVbNpFL_kH2bjWLrHQJs
Cc: "acme@ietf.org" <acme@ietf.org>, Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: [Acme] ACME or EST?

On Tue, Nov 25, 2014 at 5:17 PM, Joe Hildebrand (jhildebr) <
jhildebr@cisco.com> wrote:

> On 11/25/14, 9:55 PM, "Richard Barnes" <rlb@ipv.sx> wrote:
>
> >A few things off the top of my head:
> >
> >* If nothing else, much less ASN.1.  (Cf. JOSE vs. CMS)
> >
> >* Support for other certificate management functions, e.g., revocation
> >
> >* Validation of possession of identifiers
> >
> >* Cleaner use of HTTP
>
> Although I sympathize with less ASN.1 and better HTTP use, the other two
> points are stronger technical differentiators, so in future answers to
> this question it might be better to focus more on those.
>
> I personally would like to make sure we have mapped whatever use cases are
> in EST to see if there are edges that ACME hasn't yet considered.  I would
> also like to ensure that the operational model that is implied by ACME is
> congruent enough with EST that an operator might be able to use both in
> parallel - if possible.  If it's not possible, I would like to have a
> crisp answer as to why we think that is a good thing.
>

I would also like to have this analysis.  It would probably be better for
someone more familiar with EST than me to do it.

--Richard


>
> --
> Joe Hildebrand
>
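Of the differentiators listed above, "validation of possession of identifiers" is the one with no counterpart in EST: RFC 7030 leaves the question of whether a client may obtain a certificate for a given name to the CA's registration policy, while ACME proves it in-band with a challenge whose response is bound to the account key. The script below is an added example written for this page, not code from the ACME working group, the 2014 draft, or any CA; it shows the mechanism as it was eventually standardized (the http-01 key authorization of RFC 8555 section 8.1, using the JWK thumbprint of RFC 7638), which postdates this message. The account key, token handling and the in-memory "web server" are constructed placeholders, and the EC coordinates are not a real curve point.

```python
"""Added example: how ACME binds an identifier-validation challenge to the
account key (RFC 8555 section 8.1, http-01; JWK thumbprint per RFC 7638).
Illustrative code written for this page, not the ACME draft's or any CA's
code. All key material and tokens below are constructed placeholders."""

import base64
import hashlib
import hmac
import json
import secrets
from typing import Dict

# Members that participate in the RFC 7638 thumbprint, per key type.
# Everything else in the JWK (alg, kid, use, ...) is deliberately excluded.
_THUMBPRINT_MEMBERS = {
    "RSA": ("e", "kty", "n"),
    "EC": ("crv", "kty", "x", "y"),
    "OKP": ("crv", "kty", "x"),
}


def b64url(data: bytes) -> str:
    """Base64url without padding, as JOSE and ACME require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: Dict[str, str]) -> str:
    """RFC 7638: SHA-256 over the canonical JSON of the required members only,
    keys in lexicographic order, no whitespace; returned base64url-encoded."""
    members = _THUMBPRINT_MEMBERS[jwk["kty"]]
    canonical = json.dumps({m: jwk[m] for m in members},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, account_jwk: Dict[str, str]) -> str:
    """RFC 8555 section 8.1: token || '.' || base64url(thumbprint(account key)).
    Binding the thumbprint in means the response is only valid for the
    account that requested the challenge, not for anyone who saw the token."""
    return f"{token}.{jwk_thumbprint(account_jwk)}"


def new_challenge_token() -> str:
    """CA side: fresh token with at least 128 bits of entropy (RFC 8555 8.3)."""
    return b64url(secrets.token_bytes(16))


def validate_http01(token: str, account_jwk: Dict[str, str], fetched_body: str) -> bool:
    """CA side: compare the body fetched from
    http://<identifier>/.well-known/acme-challenge/<token> with the expected
    key authorization. Trailing whitespace is ignored (RFC 8555 8.3); the
    comparison is constant-time so a wrong guess leaks nothing via timing."""
    expected = key_authorization(token, account_jwk).encode("utf-8")
    got = fetched_body.rstrip().encode("utf-8")
    return hmac.compare_digest(expected, got)


# Constructed placeholder account key (not a valid P-256 point).
ACCOUNT_JWK: Dict[str, str] = {
    "kty": "EC",
    "crv": "P-256",
    "x": b64url(bytes(range(32))),
    "y": b64url(bytes(range(32, 64))),
}


def run_exchange() -> Dict[str, object]:
    """Walk through one challenge: CA issues token, client provisions the
    key authorization on the hypothetical web host, CA fetches and checks it.
    Also shows that a response bound to a different account key is rejected."""
    token = new_challenge_token()
    path = f"/.well-known/acme-challenge/{token}"

    # Client side: provision the file (an in-memory dict stands in for the host).
    served = {path: key_authorization(token, ACCOUNT_JWK) + "\n"}

    # CA side: fetch and validate.
    valid = validate_http01(token, ACCOUNT_JWK, served[path])

    # A response computed under some other account key must not validate,
    # even though it carries the right token.
    other_jwk = {**ACCOUNT_JWK, "x": b64url(bytes(range(64, 96)))}
    forged = key_authorization(token, other_jwk)
    attacker_rejected = not validate_http01(token, ACCOUNT_JWK, forged)

    return {"token": token, "valid": valid, "attacker_rejected": attacker_rejected}


if __name__ == "__main__":
    print(run_exchange())
```

Two things worth noticing: the thumbprint is taken over a canonical subset of the JWK, so adding `kid` or `alg` to the key does not change the account's identity, and the token alone is never enough, because the CA expects it concatenated with a value only the account holder can produce for that account.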