Re: [Acme] acme in a firewalled environment

"Salz, Rich" <rsalz@akamai.com> Tue, 02 December 2014 18:55 UTC

From: "Salz, Rich" <rsalz@akamai.com>
To: Phillip Hallam-Baker <phill@hallambaker.com>, Richard Barnes <rlb@ipv.sx>
Date: Tue, 02 Dec 2014 13:55:52 -0500
Message-ID: <2A0EFB9C05D0164E98F19BB0AF3708C71D547A9BBD@USMBX1.msg.corp.akamai.com>
References: <547DFC4B.9040408@cisco.com> <547DFE94.6090307@cisco.com> <CAL02cgSsLk-xjnL1bC_FbeRykMzAU8a9h-JTqUu58_ZpipCuHQ@mail.gmail.com> <CAMm+Lwjss=jpmhiDRZ_tHy_Z5e9TjQ-Y8AqSKcKKLw1DKs11MQ@mail.gmail.com>
In-Reply-To: <CAMm+Lwjss=jpmhiDRZ_tHy_Z5e9TjQ-Y8AqSKcKKLw1DKs11MQ@mail.gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/acme/hZhviDNsKCTPzZmBaj6XIje47lc
Cc: Ben Schumacher <bschumac@cisco.com>, "acme@ietf.org" <acme@ietf.org>
Subject: Re: [Acme] acme in a firewalled environment
List-Id: Automated Certificate Management Environment <acme.ietf.org>

> You assume that this is all going to be driven by the Web Server that is going
> to use the certificate. That is a very limiting model.

Yes, that is the model.  I don't think it's limiting.  It's deliberately not all-encompassing.

The first version of ACME should be very constrained to meet its initial requirements.  We don't want to boil the ocean or address EV certs or enterprise enrollment right away.  There are many existing methods for doing those things.  If some proprietary offerings are brought forward, we should look at reconciling them.

Also, some folks have complained that there is no I-D yet. Really?  Is it that important to have an individual I-D submission before there's even been a BoF about forming a WG?

	/r$