[Acme] FW: New Version Notification for draft-ietf-acme-star-delegation-04.txt

Yaron Sheffer <yaronf.ietf@gmail.com> Tue, 25 August 2020 12:28 UTC

Date: Tue, 25 Aug 2020 15:28:29 +0300
From: Yaron Sheffer <yaronf.ietf@gmail.com>
To: "acme@ietf.org" <acme@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/a0E57hDmFe3P-jDVpMQQubosctk>

Dear ACME team,

We just submitted a major revision to this document. Summary of changes:

* Delegation of non-STAR certificates.
* More IANA clarity, specifically on certificate extensions.
* Add delegation configuration object and extend account and order objects accordingly.
* A lot more depth on Security Considerations.

Note: We consider delegation of regular (non-STAR) certificates a useful feature, but not a central use case. Therefore we kept most of the body of the spec focused on STAR certificates, with the changes for non-STAR certs listed in Sec. 2.4.

Thanks,
	Yaron

On 8/25/20, 15:20, "internet-drafts@ietf.org" <internet-drafts@ietf.org> wrote:


    A new version of I-D, draft-ietf-acme-star-delegation-04.txt
    has been successfully submitted by Yaron Sheffer and posted to the
    IETF repository.

    Name:           draft-ietf-acme-star-delegation
    Revision:       04
    Title:          An ACME Profile for Generating Delegated STAR Certificates
    Document date:  2020-08-25
    Group:          acme
    Pages:          33
    URL:            https://www.ietf.org/internet-drafts/draft-ietf-acme-star-delegation-04.txt
    Status:         https://datatracker.ietf.org/doc/draft-ietf-acme-star-delegation/
    Htmlized:       https://tools.ietf.org/html/draft-ietf-acme-star-delegation-04
    Htmlized:       https://datatracker.ietf.org/doc/html/draft-ietf-acme-star-delegation
    Diff:           https://www.ietf.org/rfcdiff?url2=draft-ietf-acme-star-delegation-04

    Abstract:
       This memo proposes a profile of the ACME protocol that allows the
       owner of an identifier (e.g., a domain name) to delegate to a third
       party access to a certificate associated with said identifier.  A
       primary use case is that of a CDN (the third party) terminating TLS
       sessions on behalf of a content provider (the owner of a domain
       name).  The presented mechanism allows the owner of the identifier to
       retain control over the delegation and revoke it at any time by
       cancelling the associated STAR certificate renewal with the ACME CA.
       Another key property of this mechanism is it does not require any
       modification to the deployed TLS ecosystem.




    Please note that it may take a couple of minutes from the time of submission
    until the htmlized version and diff are available at tools.ietf.org.

    The IETF Secretariat