Re: [Acme] Proposed ACME Charter Language

Eric Rescorla <ekr@rtfm.com> Sat, 25 April 2015 20:06 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A75C21B2FAB for <acme@ietfa.amsl.com>; Sat, 25 Apr 2015 13:06:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JBvR8wIp6XOl for <acme@ietfa.amsl.com>; Sat, 25 Apr 2015 13:06:19 -0700 (PDT)
Received: from mail-wg0-f48.google.com (mail-wg0-f48.google.com [74.125.82.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DB7D21ACF5B for <acme@ietf.org>; Sat, 25 Apr 2015 13:06:18 -0700 (PDT)
Received: by wgso17 with SMTP id o17so80791182wgs.1 for <acme@ietf.org>; Sat, 25 Apr 2015 13:06:17 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=iXDrROOj+Bbqo2dE13+ohZY7KXtcncskFxZ2WUBtqJs=; b=XpHYvi+znN/jrWXel4TIlE2hWJBlXbFyWHmphJ3YwqsNBkBK07qEeZT+q2tcqV52SK xP6KV+YDLst2i8DJRf1ZCaiBk7dGZiUVbBECoq03gfTWwCO0vM6TkwdrK0goCGy1ZY/c H02FHSGhjdUVwIwHMd6fO93Ir/6+/lH5UGDkh8oxMieiNilRYLwSz5fWqVCIKFmP55Vi 6Dvx0IRjW+qpINmHdrYBd1Jd1kHpjrcdKhDWSIdoMdYqeJKqRBvw4mGph7JUb0VHfaab +pbIaubr/Pnag5ev4pV9fka/7/O3sog9Ukl4TkHXvKv2X8t2mzipgLE6zJoA3SEqOVKv Qn5A==
X-Gm-Message-State: ALoCoQlbdXo+XUMJus0r9e0tESYDFgxb/mODQhLyJm1hX2gvPAN1dIy8ZFX2K8i3Wh4t+N8m3Qm3
X-Received: by 10.194.173.226 with SMTP id bn2mr8791117wjc.148.1429992377649; Sat, 25 Apr 2015 13:06:17 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.27.205.87 with HTTP; Sat, 25 Apr 2015 13:05:37 -0700 (PDT)
In-Reply-To: <84718B26-1DA3-4D46-8B6F-B615806229D7@vigilsec.com>
References: <6A9C3116-8CC9-472C-8AA8-F555D060834C@vigilsec.com> <55351EAB.1060905@cs.tcd.ie> <E81896AA-245F-48B7-9B38-86AC30D2F82A@vigilsec.com> <553523E4.2090808@cs.tcd.ie> <84718B26-1DA3-4D46-8B6F-B615806229D7@vigilsec.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Sat, 25 Apr 2015 13:05:37 -0700
Message-ID: <CABcZeBOy2yBEMGMxcDy=E3fvc+OF1sZfvOV7twJHAvKqtrxtLg@mail.gmail.com>
To: Russ Housley <housley@vigilsec.com>
Content-Type: multipart/alternative; boundary=089e013c66a0b3934f0514920b77
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/hGmcbGavmxu7NB6wJLy2UG1T_U4>
Cc: IETF ACME <acme@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [Acme] Proposed ACME Charter Language
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 25 Apr 2015 20:06:21 -0000

On Mon, Apr 20, 2015 at 9:11 AM, Russ Housley <housley@vigilsec.com> wrote:

> Stephen:
>
> If that paragraph were removed, would you be happier with the charter?  If
> so, consider it gone.  I'm willing to assume that an attempt to replace
> things that people are using will meet with vigorous discussion.


I would suggest we do as you propose and remove this text. I think there
will
be plenty of occasion for people in the WG to argue about using existing
stuff
versus building anew.

-Ekr


>
> Russ
>
>
> On Apr 20, 2015, at 12:05 PM, Stephen Farrell wrote:
>
> >
> >
> > On 20/04/15 16:57, Russ Housley wrote:
> >> Stephen:
> >>
> >> I did not see the ACME effort as trying to throw everything out.
> >
> > If it is not used, then I don't think we're throwing it out:-)
> >
> >> Rather, throw out the parts that have been an impediment to the kind
> >> of automation proposed by ACME, but document the shortcoming.
> >
> > Sorry, I'm still not getting it. I don't see any need for ACME
> > to document why CMP etc failed or what was wrong with CMP that
> > may have caused it to fail. And the same for CMC etc. BTW by
> > "fail" here I mean: not used by the major deployed PKIs on the
> > public Internet.
> >
> > I also see no need at all to even try to re-use ASN.1 PDU
> > structures that are defined in CRMF etc.
> >
> > I do think that ACME ought learn from the past of course, and
> > am confident that there will be enough participants involved
> > who have that history for that to not be problematic.
> >
> > But I do not think ACME ought be required to re-use any ASN.1
> > PDU definitions from any previous RFCs on this topic.
> >
> > Do we agree or disagree on that last? (I'm trying to get to
> > quite specific meanings for "duplicate.")
> >
> > Cheers,
> > S.
> >
> >
> >
> >>
> >> Russ
> >>
> >> On Apr 20, 2015, at 11:43 AM, Stephen Farrell wrote:
> >>
> >>>
> >>> Hi Russ,
> >>>
> >>> This bit puzzles me a lot, other bits puzzle me a little:-)
> >>>
> >>> On 20/04/15 16:23, Russ Housley wrote:
> >>>> The ACME WG will not duplicate work from previous IETF
> >>>> certificate management efforts.
> >>>
> >>> If accepted, that would seem to me to nullify the entire effort.
> >>> Can you explain why I'm reading it wrong?
> >>>
> >>> ACME absolutely will duplicate work from previous IETF certificate
> >>> management efforts that have failed to get traction over the last
> >>> decade and a half. That is entirely fine IMO and needs no explicit
> >>> justification whatsoever since we have 15 years of crystal clear
> >>> non-use, outside of niche environments. (It is true that what is
> >>> now considered a niche was not so considered back then.)
> >>>
> >>> In fact I believe anyone who claims such duplication is a problem
> >>> should be the one to provide evidence for that by documenting
> >>> exactly why and at what scale.
> >>>
> >>> It is just not credible for us to pretend that CMC, CMP, or EST are
> >>> widely used for certificate management on the public Internet. If
> >>> I'm wrong there I would really love to see the evidence but absent
> >>> such, duplicating bits of functionality present in current RFCs
> >>> that are not at all widely used is what is needed for this effort
> >>> and needs to be encouraged.
> >>>
> >>> I think we really ought bottom out on this aspect before chartering
> >>> - it'd be dumb of us to charter an ACME WG that has to fight all
> >>> the CRMF battles over again, or the ASN.1 vs. whatever issues. So I
> >>> hope lots of voices chime in and say what they think.
> >>>
> >>> S.
> >>>
> >>> _______________________________________________ Acme mailing list
> >>> Acme@ietf.org https://www.ietf.org/mailman/listinfo/acme
> >>
> >>
> >>
>
> _______________________________________________
> Acme mailing list
> Acme@ietf.org
> https://www.ietf.org/mailman/listinfo/acme
>