Re: [Acme] Proposed ACME Charter Language

"Songhaibin (A)" <haibin.song@huawei.com> Wed, 29 April 2015 09:00 UTC

From: "Songhaibin (A)" <haibin.song@huawei.com>
To: Russ Housley <housley@vigilsec.com>, IETF ACME <acme@ietf.org>
Date: Wed, 29 Apr 2015 09:00:43 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/i2_Ka35xrgpLGsot7BUJYBoQWW4>
Subject: Re: [Acme] Proposed ACME Charter Language

And I think at the initial stage, the WG must consider the future extensibility to accommodate other types of certificates (beyond domain name certificates used by web servers). So discussion or documentation about other use cases is also helpful at the initial stage.

Best Regards!
-Haibin


> -----Original Message-----
> From: Acme [mailto:acme-bounces@ietf.org] On Behalf Of Russ Housley
> Sent: Sunday, April 26, 2015 5:46 AM
> To: IETF ACME
> Subject: Re: [Acme] Proposed ACME Charter Language
> 
> Here is the current language ...
> 
> Russ
> 
> = = = = = = = = = =
> 
> 
> Automated Certificate Management Environment (ACME)
> 
> Historically, issuance of certificates for Internet applications (e.g., web servers)
> has involved many manual identity validation steps by the certification
> authority (CA).  The ACME WG will specify conventions for automated X.509
> certificate management, including validation of control over an identifier,
> certificate issuance, certificate renewal, and certificate revocation.  The initial
> focus of the ACME WG will be on domain name certificates (as used by web
> servers), but other uses of certificates can be considered as work progresses.
> 
> ACME certificate management must allow the CA to verify, in an automated
> manner, that the party requesting a certificate has authority over the
> requested identifiers, including the subject and subject alternative names.
> The processing must also confirm that the requesting party has access to the
> private key that corresponds to the public key that will appear in the certificate.
> All of the processing must be done in a manner that is compatible with common
> service deployment environments, such as hosting environments.
> 
> ACME certificate management must, in an automated manner, allow a party
> that has previously requested a certificate to subsequently request revocation
> of that certificate.
> 
> In order to facilitate deployment by CAs, the ACME protocol must be
> compatible with common industry standards for the operation of a CA, for
> example the CA/Browser Forum Baseline Requirements [0].
> 
> The starting point for ACME WG discussions shall be draft-barnes-acme.
> 
> [0] https://cabforum.org/wp-content/uploads/BRv1.2.3.pdf
> 