[Acme] Fwd: EV ACME

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Wed, 09 October 2019 14:48 UTC

To: IETF ACME <acme@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/aZR-Xm7Gci24RmM21GiQkqdQDMw>

Sharing comments to the list per Tim saying that would be okay.

---------- Forwarded message ---------
From: Tim Hollebeek <tim.hollebeek@digicert.com>
Date: Mon, Sep 23, 2019 at 3:56 PM
Subject: RE: EV ACME
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>



   1. Introduction

“Code SIgning” -> “Code Signing”

I don’t usually think of code signing being a subset of client
certificates.  I usually limit it to the Client Authentication EKU.

   2. Top of page four: stray ? at end of line
   3. Part 5:

EV code signing certificates have a distinct set of requirements from EV
web certificates.  In particular, they don’t have associated domain names,
nor is CAA checking done.  It’s not entirely clear how it could be done, as
the certificate links a public key to an organization, not a domain.

   4. Lifetimes are less of an issue for code-signing certificates, but
   there is a legitimate use case for “one signature per certificate”, which
   also requires fast and easy issuance.  Having only one signature per
   certificate makes it possible to revoke individual signatures.  This should
   probably be discussed somewhere.

*From:* Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
*Sent:* Friday, September 20, 2019 11:10 AM
*To:* Tim Hollebeek <tim.hollebeek@digicert.com>
*Subject:* Re: EV ACME



Hi Tim,



Are you still interested in helping with the ACME client draft?  Would you
like to send additions/changes or work from the file?



Thank you,

Kathleen