Re: [Acme] Proposed ACME Charter Language
Russ Housley <housley@vigilsec.com> Wed, 13 May 2015 19:51 UTC
Return-Path: <housley@vigilsec.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 512F81A8877 for <acme@ietfa.amsl.com>; Wed, 13 May 2015 12:51:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.9
X-Spam-Level:
X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uUcqPOjmiwNd for <acme@ietfa.amsl.com>; Wed, 13 May 2015 12:51:48 -0700 (PDT)
Received: from odin.smetech.net (x-bolt-wan.smeinc.net [209.135.219.146]) by ietfa.amsl.com (Postfix) with ESMTP id C020E1A87EF for <acme@ietf.org>; Wed, 13 May 2015 12:51:48 -0700 (PDT)
Received: from localhost (unknown [209.135.209.5]) by odin.smetech.net (Postfix) with ESMTP id 4DB1D9A404A; Wed, 13 May 2015 15:51:38 -0400 (EDT)
X-Virus-Scanned: amavisd-new at smetech.net
Received: from odin.smetech.net ([209.135.209.4]) by localhost (ronin.smeinc.net [209.135.209.5]) (amavisd-new, port 10024) with ESMTP id wXs4Ens4CXFf; Wed, 13 May 2015 15:51:17 -0400 (EDT)
Received: from [192.168.2.100] (pool-96-255-145-93.washdc.fios.verizon.net [96.255.145.93]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by odin.smetech.net (Postfix) with ESMTP id 5BEB99A4020; Wed, 13 May 2015 15:51:17 -0400 (EDT)
Mime-Version: 1.0 (Apple Message framework v1085)
Content-Type: text/plain; charset="utf-8"
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <87d225qwbq.fsf@latte.josefsson.org>
Date: Wed, 13 May 2015 15:51:06 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <B30EDBDF-0803-4AB0-9EBB-DD726F617C5B@vigilsec.com>
References: <6A9C3116-8CC9-472C-8AA8-F555D060834C@vigilsec.com> <55351EAB.1060905@cs.tcd.ie> <E81896AA-245F-48B7-9B38-86AC30D2F82A@vigilsec.com> <553523E4.2090808@cs.tcd.ie> <84718B26-1DA3-4D46-8B6F-B615806229D7@vigilsec.com> <CABcZeBOy2yBEMGMxcDy=E3fvc+OF1sZfvOV7twJHAvKqtrxtLg@mail.gmail.com> <28919F11-9336-41F6-9922-4E3E2DC4E935@gmail.com> <BD7B96B1-CD50-408F-AA06-49C20AB102A6@vigilsec.com> <CA+9kkMAH+U25ZhLq1HhGFHKMAECu+Y1ZJH-h4bOrEXaUQ15LjQ@mail.gmail.com> <87d225qwbq.fsf@latte.josefsson.org>
To: Simon Josefsson <simon@josefsson.org>, Ted Hardie <ted.ietf@gmail.com>
X-Mailer: Apple Mail (2.1085)
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/_PSvAYhIDYo_JNuuJFyrN6jKPfY>
Cc: IETF ACME <acme@ietf.org>
Subject: Re: [Acme] Proposed ACME Charter Language
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 May 2015 19:51:50 -0000
Ted and Simon: > Ted Hardie <ted.ietf@gmail.com> writes: > >>> In order to facilitate deployment by CAs, the ACME protocol must be >>> compatible with common industry standards for the operation of a CA, >>> for example the CA/Browser Forum Baseline Requirements [0]. >>> >>> >> I don't really like the language "the ACME protocol must be >> compatible with common industry standards for the operation of a CA, >> for example the CA/Browser Forum Baseline Requirements [0]." Proving >> compatibility with an unbounded set of standards seems likely to >> generate a lot of wrangling on what "common industry standards". >> Also, the point of the effort, after all, is to be better than *some* of >> the current >> operations of a CA. >> >> Would the following work? >> >> "The ACME working group is focused on automating certificate issuance, >> validation, >> revocation and renewal. Review of other industry practices are not within >> scope for this working group." > > +1 > > The reference to CA/B and saying ACME must be compatible with it appear > restrictive to me. If we want to improve state-of-the-art, we can't be > limited by compatibility with the lowest common denominator in the > industry. I think the point of this paragraph was to create a protocol that is compatible with existing CA policies and practices. How about this? The ACME working group is specifying ways to automate certificate issuance, validation, revocation and renewal. The ACME working group is not reviewing or producing certificate policies or practices. Russ
- [Acme] Proposed ACME Charter Language Russ Housley
- Re: [Acme] Proposed ACME Charter Language Stephen Farrell
- Re: [Acme] Proposed ACME Charter Language Salz, Rich
- Re: [Acme] Proposed ACME Charter Language Russ Housley
- Re: [Acme] Proposed ACME Charter Language Stephen Farrell
- Re: [Acme] Proposed ACME Charter Language Russ Housley
- Re: [Acme] Proposed ACME Charter Language Stephen Farrell
- Re: [Acme] Proposed ACME Charter Language Russ Housley
- Re: [Acme] Proposed ACME Charter Language Stephen Farrell
- Re: [Acme] Proposed ACME Charter Language Russ Housley
- Re: [Acme] Proposed ACME Charter Language Stephen Farrell
- Re: [Acme] Proposed ACME Charter Language hallam
- Re: [Acme] Proposed ACME Charter Language Eric Rescorla
- Re: [Acme] Proposed ACME Charter Language Russ Housley
- Re: [Acme] Proposed ACME Charter Language Songhaibin (A)
- Re: [Acme] Proposed ACME Charter Language Anders Rundgren
- Re: [Acme] Proposed ACME Charter Language Dr. Pala
- Re: [Acme] Proposed ACME Charter Language Ben Laurie
- Re: [Acme] Proposed ACME Charter Language Salz, Rich
- Re: [Acme] Proposed ACME Charter Language Bernd Eckenfels
- [Acme] PKIX "standards" Re: Proposed ACME Charter… Anders Rundgren
- Re: [Acme] Proposed ACME Charter Language Ted Hardie
- Re: [Acme] Proposed ACME Charter Language Russ Housley
- Re: [Acme] Proposed ACME Charter Language Salz, Rich
- Re: [Acme] Proposed ACME Charter Language Russ Housley
- Re: [Acme] Proposed ACME Charter Language Ted Hardie
- Re: [Acme] Proposed ACME Charter Language Kathleen Moriarty
- Re: [Acme] Proposed ACME Charter Language Russ Housley
- Re: [Acme] Proposed ACME Charter Language Randy Bush
- Re: [Acme] Proposed ACME Charter Language Ted Hardie
- Re: [Acme] Proposed ACME Charter Language Martin Thomson
- Re: [Acme] Proposed ACME Charter Language Salz, Rich
- Re: [Acme] Proposed ACME Charter Language Randy Bush
- Re: [Acme] Proposed ACME Charter Language Ted Hardie
- Re: [Acme] Proposed ACME Charter Language Ted Hardie
- Re: [Acme] Proposed ACME Charter Language Randy Bush
- Re: [Acme] Proposed ACME Charter Language Ted Hardie
- Re: [Acme] Proposed ACME Charter Language Martin Thomson
- Re: [Acme] Proposed ACME Charter Language Russ Housley
- Re: [Acme] Proposed ACME Charter Language Peter Eckersley
- Re: [Acme] Proposed ACME Charter Language Phillip Hallam-Baker
- Re: [Acme] Proposed ACME Charter Language Richard Barnes
- Re: [Acme] Proposed ACME Charter Language Joseph Lorenzo Hall
- Re: [Acme] Proposed ACME Charter Language Richard Barnes
- Re: [Acme] Proposed ACME Charter Language Ted Hardie
- Re: [Acme] Proposed ACME Charter Language Russ Housley
- Re: [Acme] Proposed ACME Charter Language Daniel Kahn Gillmor
- Re: [Acme] Proposed ACME Charter Language Paul Winkeler
- Re: [Acme] Proposed ACME Charter Language Joseph Lorenzo Hall
- Re: [Acme] Proposed ACME Charter Language Michael Ströder