Re: [Acme] ACME or EST?
Richard Barnes <rlb@ipv.sx> Tue, 25 November 2014 22:24 UTC
Return-Path: <rlb@ipv.sx>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C2CAA1A87A6 for <acme@ietfa.amsl.com>; Tue, 25 Nov 2014 14:24:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LlnXE39I0nX1 for <acme@ietfa.amsl.com>; Tue, 25 Nov 2014 14:24:23 -0800 (PST)
Received: from mail-vc0-f181.google.com (mail-vc0-f181.google.com [209.85.220.181]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6C2031A1AA3 for <acme@ietf.org>; Tue, 25 Nov 2014 14:24:23 -0800 (PST)
Received: by mail-vc0-f181.google.com with SMTP id le20so727229vcb.26 for <acme@ietf.org>; Tue, 25 Nov 2014 14:24:22 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=51bsMyH6fQZ/kOFfmjaM8SdDKv53q178tgQiZ/usdHY=; b=PSZdfd/Ai5PpPn1DyRiNazoqnwUiEz1tiTkVYwIcMwqbPJevdfE+ZYJ0HnU7y3G5E9 xsTrsmdaQayJz+gof0aoQkG6GTpb+Ue1ixBIouEMMJDG3dT3k9UeyjIQ+ADLTtJWE2bV YJwMX7C9LDaMSBKnjZbK5oxMZoIJH7AHgcNbAtUSEMLkY2Ms2vWfTjVQALe9WvurzwSw uG8IWeEPGD+ewe3Us61ijTUSoxBEJiMXuvbX2Oc/P32z0MghErRdxV6LM+ifkwAzWzj2 dWWLkOF/rGG7RI9TsMJvegeUGN0607OMETexdJtY5Js1HXyZKJiFt2xgTpeTEbyO6YVv ofkQ==
X-Gm-Message-State: ALoCoQm511yjx+RJnPBkeGq9ZddpBzKEUJC5NBWTTCLt7aeLvZDIKm3dThlLt34oTPfwHEwpNtwF
MIME-Version: 1.0
X-Received: by 10.220.118.194 with SMTP id w2mr16301797vcq.24.1416954262747; Tue, 25 Nov 2014 14:24:22 -0800 (PST)
Received: by 10.31.149.1 with HTTP; Tue, 25 Nov 2014 14:24:22 -0800 (PST)
In-Reply-To: <DEC7A8A8-563D-41B3-94AC-71DC7219D3F8@cisco.com>
References: <AD5940AA-6F01-4D0E-A4E0-19AEA56BBED3@vpnc.org> <CAL02cgTgpjQffow2XuaNuT7BtqYVttXdVUgyqBFbsAbN4g0VzQ@mail.gmail.com> <DEC7A8A8-563D-41B3-94AC-71DC7219D3F8@cisco.com>
Date: Tue, 25 Nov 2014 17:24:22 -0500
Message-ID: <CAL02cgTETDJLkuXtqh97JXi83ezpvGtYXmGKWVaOcc_H0LH9GQ@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
To: "Joe Hildebrand (jhildebr)" <jhildebr@cisco.com>
Content-Type: multipart/alternative; boundary="001a1132f4ba7ec2450508b65fc4"
Archived-At: http://mailarchive.ietf.org/arch/msg/acme/YHuEWdwfVbNpFL_kH2bjWLrHQJs
Cc: "acme@ietf.org" <acme@ietf.org>, Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: [Acme] ACME or EST?
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Nov 2014 22:24:28 -0000
On Tue, Nov 25, 2014 at 5:17 PM, Joe Hildebrand (jhildebr) < jhildebr@cisco.com> wrote: > On 11/25/14, 9:55 PM, "Richard Barnes" <rlb@ipv.sx> wrote: > > >A few things off the top of my head: > > > >* If nothing else, much less ASN.1. (Cf. JOSE vs. CMS) > > > >* Support for other certificate management functions, e.g., revocation > > > >* Validation of possession of identifiers > > > >* Cleaner use of HTTP > > Although I sympathize with less ASN.1 and better HTTP use, the other two > points are stronger technical differentiators, so in future answers to > this question it might be better to focus more on those. > > I personally would like to make sure we have mapped whatever use cases are > in EST to see if there are edges that ACME hasn't yet considered. I would > also like to ensure that the operational model that is implied by ACME is > congruent enough with EST that an operator might be able to use both in > parallel - if possible. If it's not possible, I would like to have a > crisp answer as to why we think that is a good thing. > I would also like to have this analysis. It would probably be better for someone more familiar with EST than me to do it. --Richard > > -- > Joe Hildebrand > > > >
- [Acme] ACME or EST? Paul Hoffman
- Re: [Acme] ACME or EST? Richard Barnes
- Re: [Acme] ACME or EST? Joe Hildebrand (jhildebr)
- Re: [Acme] ACME or EST? Richard Barnes
- Re: [Acme] ACME or EST? Nico Williams
- Re: [Acme] ACME or EST? Paul Hoffman
- Re: [Acme] ACME or EST? Tony Arcieri
- Re: [Acme] ACME or EST? Paul Hoffman
- Re: [Acme] ACME or EST? Tony Arcieri
- Re: [Acme] ACME or EST? Phillip Hallam-Baker
- Re: [Acme] ACME or EST? Michael Jenkins
- Re: [Acme] ACME or EST? Stephen Farrell
- [Acme] first order requirement - suitable as an o… Stephen Farrell
- Re: [Acme] ACME or EST? Salz, Rich
- Re: [Acme] ACME or EST? Nico Williams
- Re: [Acme] ACME or EST? Nico Williams
- Re: [Acme] ACME or EST? Randy Bush
- Re: [Acme] ACME or EST? Joe Hildebrand (jhildebr)
- Re: [Acme] ACME or EST? Stephen Farrell
- Re: [Acme] ACME or EST? Phillip Hallam-Baker
- Re: [Acme] ACME or EST? Viktor Dukhovni
- Re: [Acme] ACME or EST? Christian Huitema
- [Acme] ACME or EST? Tony Arcieri
- Re: [Acme] ACME or EST? Phillip Hallam-Baker
- Re: [Acme] ACME or EST? Christian Huitema
- [Acme] kinds of proof (was: Re: ACME or EST?) Stephen Farrell
- Re: [Acme] kinds of proof (was: Re: ACME or EST?) Phillip Hallam-Baker
- Re: [Acme] kinds of proof Stephen Farrell
- Re: [Acme] kinds of proof Salz, Rich
- Re: [Acme] kinds of proof Paul Hoffman
- Re: [Acme] kinds of proof Eric Rescorla
- Re: [Acme] ACME or EST? Eliot Lear
- Re: [Acme] kinds of proof (was: Re: ACME or EST?) Viktor Dukhovni
- Re: [Acme] kinds of proof Phillip Hallam-Baker
- Re: [Acme] kinds of proof Paul Hoffman
- Re: [Acme] kinds of proof Paul Hoffman
- Re: [Acme] ACME or EST? Nico Williams
- Re: [Acme] kinds of proof Viktor Dukhovni
- Re: [Acme] kinds of proof Paul Hoffman
- Re: [Acme] kinds of proof Nico Williams
- Re: [Acme] kinds of proof Paul Hoffman
- Re: [Acme] ACME or EST? Randy Bush
- Re: [Acme] kinds of proof Randy Bush
- Re: [Acme] ACME or EST? Richard Barnes
- Re: [Acme] ACME or EST? Randy Bush
- Re: [Acme] kinds of proof Viktor Dukhovni
- Re: [Acme] kinds of proof Paul Hoffman
- Re: [Acme] kinds of proof Viktor Dukhovni
- Re: [Acme] kinds of proof Paul Hoffman
- Re: [Acme] kinds of proof Tony Arcieri
- Re: [Acme] kinds of proof Eric Mill
- Re: [Acme] kinds of proof Randy Bush
- Re: [Acme] kinds of proof Peter Bowen
- Re: [Acme] kinds of proof Christian Huitema
- Re: [Acme] kinds of proof Viktor Dukhovni
- Re: [Acme] kinds of proof Peter Bowen
- Re: [Acme] kinds of proof Paul Hoffman
- Re: [Acme] kinds of proof Peter Bowen
- Re: [Acme] kinds of proof Paul Hoffman
- Re: [Acme] kinds of proof Phillip Hallam-Baker
- Re: [Acme] kinds of proof Trevor Freeman
- Re: [Acme] kinds of proof Randy Bush
- Re: [Acme] kinds of proof Martin Thomson