Re: [Acme] ACME or EST?

Eliot Lear <lear@cisco.com> Fri, 28 November 2014 16:05 UTC

Message-ID: <54789D4F.5060406@cisco.com>
Date: Fri, 28 Nov 2014 17:05:35 +0100
From: Eliot Lear <lear@cisco.com>
To: acme@ietf.org
References: <AD5940AA-6F01-4D0E-A4E0-19AEA56BBED3@vpnc.org> <CAL02cgTgpjQffow2XuaNuT7BtqYVttXdVUgyqBFbsAbN4g0VzQ@mail.gmail.com> <DEC7A8A8-563D-41B3-94AC-71DC7219D3F8@cisco.com> <m27fyg4yzg.wl%randy@psg.com> <547754C0.9050306@cs.tcd.ie> <20141127211348.GE25114@mournblade.imrryr.org>
In-Reply-To: <20141127211348.GE25114@mournblade.imrryr.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/acme/a8PT4HYgzPuYCGE9EDTGf-mrBKg
List-Id: Automated Certificate Management Environment <acme.ietf.org>

Viktor,

On 11/27/14, 10:13 PM, Viktor Dukhovni wrote:
>
> A certification authority that always accepts the weakest form of
> evidence even for domains that should be able to present stronger
> evidence would be unfortunate by bringing everyone's security down
> to the lowest common denominator.

What you've written above is quite consistent with the notion of
opportunistic security ;-)  At the same time, I'm not sure what it means
in practice.  Does it mean, for instance, that DV is not to be allowed?
Is a single system required, or is there some sort of classification
approach?

Eliot