[Acme] first order requirement - suitable as an out of the box default

Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 26 November 2014 01:41 UTC

Message-ID: <54752FD9.6040708@cs.tcd.ie>
To: acme@ietf.org
Archived-At: http://mailarchive.ietf.org/arch/msg/acme/myzLt3ce6RrkqP3QRz50OUd7Arc

Correct me if I'm wrong but I'm hoping that a first order
requirement for acme is that it be designed to work, and
actually works, in a situation where the CA is not trying
to make money or to get anyone to sign in blood as to the
binding between an identifier and public key. Or indeed
between loads of identifiers and loads of public keys,
under some rational constraints about names. And that it
can hence be confidently used as an out of the box default
by web servers, xmpp servers, mail servers, clients etc etc.

I think that is a new priority, but not a new requirement,
and assuming that the crew who're behind acme deliver the
other goods promised, then that in itself will I think be
enough to justify them deciding to prefer punch cards if
that's what works out of the box, by default and for anyone
who's bothered to jump through a few name binding hoops.

Frankly, I couldn't give a rat's arse if it's asn.1 or xml
or json or punch cards via courier, or pigeons, so long as
it works well enough, as a default, and at scale.

So I'd suggest dumping the arguments about representation
and just asking whoever's willing to host a service that'll
work what they like today, and then making sure the protocol
can do everything that the clients of that need, via that
representation. If another CA with a different whimsy turns
up tomorrow, it's not hard to map from one representation
to another. And we can set up a new list for that in about
a few hours.


PS: I've nothing at all against the current CAs charging,
and used to earn a living selling folks that s/w. It's a
fine, but subtly different, thing to be doing compared to
what I hope this list ends up producing.

PPS: I've no clue if the folks behind this will manage to
deliver, but they sure seem like they've a great chance at
so doing, so I'll cut 'em slack until developments develop.