Re: [Acme] acme in a firewalled environment

Ben Schumacher <bschumac@cisco.com> Tue, 02 December 2014 18:01 UTC

To: acme@ietf.org
Message-ID: <547DFE94.6090307@cisco.com>
In-Reply-To: <547DFC4B.9040408@cisco.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/acme/osE6lBk8TjJrNiV6QGLSQQVQv3I

On 12/2/14 10:52 AM, Eliot Lear wrote:
> Question:
>
> Are the myriad of enterprise servers in scope for ACME?  In those
> environments it's not unreasonable to assume that a firewall exists to
> prevent incoming connections, and DNS control is not available.  In fact
> split DNS might introduce all sorts of fun resolution issues even if
> control is possible from the inside.

Eliot-

I would say it is probably out of scope, with regard to public CAs, but there is nothing that would prevent an enterprise-wide CA that could be ACME-enabled.

For example, ACME could be integrated into the Certificate Management functionality of your enterprise directory services / host management infrastructure.

Thanks,
Ben
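Worked illustration of the point made in this exchange, added here as an editor's example and not code from Ben, Cisco or the ACME working group: a public CA validating an http-01 or dns-01 challenge must reach the host (or its public DNS zone) from outside, so a perimeter firewall that drops inbound connections, or split DNS that hides the internal name, makes validation fail; an enterprise CA that sits inside the perimeter runs the identical checks and succeeds. The challenge formats follow RFC 8555 (key authorization and the dns-01 TXT value), which post-dates this 2014 thread; the hostname, account key, token, and the "internet" versus "intranet" fetchers and resolvers are constructed stand-ins for real network reachability.

```python
"""Public-CA vs enterprise-CA ACME validation of a firewalled host.

Added example; challenge encodings follow RFC 8555 and RFC 7638. The host name,
account key, token, and the reachability/resolver models below are constructed
for illustration and are not real infrastructure.
"""
import base64
import hashlib
import json
from typing import Callable, Dict, Optional


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as JOSE and ACME require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def canonical_jwk_json(jwk: Dict[str, str]) -> str:
    """RFC 7638 canonical form: required members only, sorted, no whitespace."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    return json.dumps({k: jwk[k] for k in required}, sort_keys=True, separators=(",", ":"))


def jwk_thumbprint(jwk: Dict[str, str]) -> str:
    """RFC 7638 thumbprint: base64url(SHA-256(canonical JSON))."""
    return b64url(hashlib.sha256(canonical_jwk_json(jwk).encode("utf-8")).digest())


def key_authorization(token: str, account_jwk: Dict[str, str]) -> str:
    """RFC 8555 s8.1: the string the client publishes for http-01."""
    return f"{token}.{jwk_thumbprint(account_jwk)}"


def dns01_txt_value(token: str, account_jwk: Dict[str, str]) -> str:
    """RFC 8555 s8.4: TXT value is base64url(SHA-256(key authorization))."""
    return b64url(hashlib.sha256(key_authorization(token, account_jwk).encode("utf-8")).digest())


# CA-side validators, parameterised by how the CA can reach the world.
Fetcher = Callable[[str, str], Optional[str]]   # (host, path) -> body, or None if unreachable
Resolver = Callable[[str], Optional[str]]       # (name) -> TXT value, or None if no record


def validate_http01(host: str, token: str, account_jwk: Dict[str, str], fetch: Fetcher) -> bool:
    body = fetch(host, f"/.well-known/acme-challenge/{token}")
    return body is not None and body.strip() == key_authorization(token, account_jwk)


def validate_dns01(host: str, token: str, account_jwk: Dict[str, str], resolve: Resolver) -> bool:
    return resolve(f"_acme-challenge.{host}") == dns01_txt_value(token, account_jwk)


# Constructed environment (placeholder key material, not a real EC point).
ACCOUNT_JWK = {"kty": "EC", "crv": "P-256", "x": "placeholder-x", "y": "placeholder-y"}
HOST = "intranet-app.corp.example"
TOKEN = "constructed-token-aBcDeFgHiJkLmNoPqRsTuVwXyZ01"

# What the client has published: the challenge file it serves and the TXT record it set internally.
SERVED = {(HOST, f"/.well-known/acme-challenge/{TOKEN}"): key_authorization(TOKEN, ACCOUNT_JWK)}
INTERNAL_DNS = {f"_acme-challenge.{HOST}": dns01_txt_value(TOKEN, ACCOUNT_JWK)}
INTERNAL_HOSTS = {HOST}  # the perimeter firewall drops inbound connections to these


def fetch_from_internet(host: str, path: str) -> Optional[str]:
    """A public CA's view: inbound connections to internal hosts are filtered."""
    if host in INTERNAL_HOSTS:
        return None
    return SERVED.get((host, path))


def fetch_from_intranet(host: str, path: str) -> Optional[str]:
    """An enterprise CA's view: it sits inside the perimeter."""
    return SERVED.get((host, path))


def resolve_public(name: str) -> Optional[str]:
    """Split DNS: the public zone carries no internal names at all."""
    return None


def resolve_internal(name: str) -> Optional[str]:
    return INTERNAL_DNS.get(name)


def run_scenarios() -> Dict[str, bool]:
    """Same challenges, same published data; only the CA's vantage point differs."""
    return {
        "public_ca_http01": validate_http01(HOST, TOKEN, ACCOUNT_JWK, fetch_from_internet),
        "public_ca_dns01": validate_dns01(HOST, TOKEN, ACCOUNT_JWK, resolve_public),
        "enterprise_ca_http01": validate_http01(HOST, TOKEN, ACCOUNT_JWK, fetch_from_intranet),
        "enterprise_ca_dns01": validate_dns01(HOST, TOKEN, ACCOUNT_JWK, resolve_internal),
    }


if __name__ == "__main__":
    for scenario, ok in run_scenarios().items():
        print(f"{scenario:22s} {'valid' if ok else 'FAILED'}")
```

The two validators are deliberately the same code on both sides; the firewall and split-DNS cases fail only because the public CA's fetcher and resolver cannot see the internal host or zone, which is exactly why an internal ACME-capable CA (or an outbound-only relay that terminates the challenge on the CA's behalf) is the path for such servers.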