IETF Logo Mail Archive

Re: [Acme] [EXTERNAL] Re: acme-device-attest expired

Mike Malone <mike@smallstep.com> Thu, 22 February 2024 21:00 UTC

Return-Path: <mike@smallstep.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D2059C1519B6 for <acme@ietfa.amsl.com>; Thu, 22 Feb 2024 13:00:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.004
X-Spam-Level:
X-Spam-Status: No, score=-7.004 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=smallstep.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9EZpcokvw94D for <acme@ietfa.amsl.com>; Thu, 22 Feb 2024 13:00:42 -0800 (PST)
Received: from mail-yb1-xb30.google.com (mail-yb1-xb30.google.com [IPv6:2607:f8b0:4864:20::b30]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8A9B7C14F708 for <acme@ietf.org>; Thu, 22 Feb 2024 13:00:42 -0800 (PST)
Received: by mail-yb1-xb30.google.com with SMTP id 3f1490d57ef6-dcc73148611so146407276.3 for <acme@ietf.org>; Thu, 22 Feb 2024 13:00:42 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smallstep.com; s=google; t=1708635641; x=1709240441; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=cHfXjv2I192Qd/I1x8mwiXVRHaHvXffUGTajK+2t7H8=; b=ALMq6IIB6JarkZd80sg9U3cZUlKTfzwl2nsd041eVPyjRiJX5DgmobRi3ewJOH5rxG utW9Kf8T/TkE4a9oT0wsjTP7O2WjGs72DPTLFEbdNMURlxKI6fMDcI+iQUY0HjMAyc7s Jl4hLAVWCrfRBF+X7dzRJqYLOlEvYTLlwFUrPcBTzutaijUeMRvsSkO3znlErRVAabHf n23jgwbip+MIxUWntd9va3gmrr/mFa1P3oC9Qmy4THSTbCUShnKAV7jqLYocuuFDiE2C uPnGsDWGiYanzDc2WWjG8jhe4b/Xwxea4XyfNNzD0eM0jqjDmV4SuvqQcsjDiiBLu8Qf 9J2g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708635641; x=1709240441; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=cHfXjv2I192Qd/I1x8mwiXVRHaHvXffUGTajK+2t7H8=; b=VG/9Y5LaQdtBmGdqNJpcVrQv9r2YCxqXwHHS4tFnxCkR4wWBzAruJjFzEuPd3BkG/3 yCkFftHWBEQTJv1DEva0JGTtQRJCIdv0gPMn0S6z2Mk18kQFJKeXm81dZ1x1acQVRGcj jGllaVDplkWBnN4wGxMjIXJ9IsPPeijhgqof4l5hwd3jw/i3FFBsolMqG9NegsQJqt/S F4LGX/ETwybiqXdnXxB5ZUlvjAxnJ4JJX88wAM42XUc1MQ9y3qomdeSJOEwto3+gIb2w BAxoqz6X78c7U2m57PSX1x4c94mWj4ipDXcyz/WvonmQ76+gFSWxopFNS64TshshU8T0 qavA==
X-Forwarded-Encrypted: i=1; AJvYcCULTxpM4Pjneh9jbBiv4/oUoICiuzmU2qjROC7anGgkMAY+b4WXza93yxVdRVNtR7j+WfoxN4RrLK0ApATo
X-Gm-Message-State: AOJu0YwnhK2DnACB9+ESNjcr95QOxdpbf2El4N6xepaLFTvI2Ie5+hnB ZSiECSrhd4bUCqP/usx9rRhJSVAZnVl15WmzIXh4YNQBFwayLEMEqPkb0LTr9gxNsW1LE3U+TDN ubfDo+EOkSp7/5aecJlGPZvPVEOrwnpwuTM8rNQ==
X-Google-Smtp-Source: AGHT+IHnnQi+hAkyQlqBw5FV7ulYsfd1bw6dr4PbTcxT3HzU8BlQvFsPuhJl2NwlI004aXnDx9M5u6EksjGXwW/hkBY=
X-Received: by 2002:a25:a282:0:b0:dbd:c442:9e60 with SMTP id c2-20020a25a282000000b00dbdc4429e60mr306185ybi.36.1708635641576; Thu, 22 Feb 2024 13:00:41 -0800 (PST)
MIME-Version: 1.0
References: <CAObGJnMnuZu6St4zZT27jgq6OnR6aSdCUy9RS_m-C0Fv1ta-nQ@mail.gmail.com> <CAA1-vB3tom_rEqSc+P7oQfNeYvKwPdp8mzVNKZrj+QSTW6tiAQ@mail.gmail.com> <CAGgd1Oe0U=WQPsgYQ76X4-bTkesPAd4ezPzLPEJf=gYO-qmLNQ@mail.gmail.com> <CAA1-vB184w6DVaxrD1dZCcaTJc9W_1D6Jv-cBGp1sVcZvDckiQ@mail.gmail.com> <CH0PR11MB5739186FCEF7D97A61D47EDD9F562@CH0PR11MB5739.namprd11.prod.outlook.com>
In-Reply-To: <CH0PR11MB5739186FCEF7D97A61D47EDD9F562@CH0PR11MB5739.namprd11.prod.outlook.com>
From: Mike Malone <mike@smallstep.com>
Date: Thu, 22 Feb 2024 13:00:30 -0800
Message-ID: <CAOEiZmHyrZZD3jqQtdNiYyxkLeCYjELRf4Mb5dhk2_m5Cnh2Tw@mail.gmail.com>
To: Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org>
Cc: Prachi Jain <prachi.jain1288@gmail.com>, Deb Cooley <debcooley1@gmail.com>, Thomas Fossati <tho.ietf@gmail.com>, "acme@ietf.org" <acme@ietf.org>, "draft-acme-device-attest.authors@ietf.org" <draft-acme-device-attest.authors@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000077983f0611febc4d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/q08c4dEhV3HtnNcPzIT-8twWKsU>
Subject: Re: [Acme] [EXTERNAL] Re: acme-device-attest expired
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Feb 2024 21:00:46 -0000

It's worth noting that Apple has already implemented this draft on macOS,
iOS, iPadOS, and tvOS[1]. We've implemented the server side at Smallstep
and can confirm that there is adoption. That shouldn't stop the evolution
of this draft, of course, but could help inform it. Adoption is promising
and it would be unfortunate to see this die at draft.

We don't have any experienced IETF authors here -- not sure what that
entails -- but we are very interested in the outcome here and would be
happy to help however we can. To start, I've shared this with a few
contacts that I know will also be interested.

Mike

[1] https://support.apple.com/lt-lt/guide/deployment/dep28afbde6a/web

On Thu, Feb 22, 2024 at 12:21 PM Mike Ounsworth <Mike.Ounsworth=
40entrust.com@dmarc.ietf.org> wrote:

> At the risk of adding another draft to my plate, I am the lead author on
> draft-ietf-lamps-csr-attestation, so I suppose it is reasonable for me to
> volunteer to work on this one also.
>
>
>
> I wonder if the design of acme-device-attest should change in light of the
> existence of draft-ietf-lamps-csr-attestation? But I admit to not having
> read acme-device-attest in a while :/
>
>
>
> ---
>
> *Mike* Ounsworth
>
>
>
> *From:* Acme <acme-bounces@ietf.org> *On Behalf Of *Prachi Jain
> *Sent:* Thursday, February 22, 2024 6:03 AM
> *To:* Deb Cooley <debcooley1@gmail.com>
> *Cc:* Thomas Fossati <tho.ietf@gmail.com>; acme@ietf.org;
> draft-acme-device-attest.authors@ietf.org
> *Subject:* [EXTERNAL] Re: [Acme] acme-device-attest expired
>
>
>
> Thank you for the update, Deb. I am more than willing to work as an author
> on this draft and help out :) On Thu, Feb 22, 2024 at 5: 28 AM Deb Cooley
> <debcooley1@ gmail. com> wrote: I know Brandon has been busy, but I don't
> know his plans
>
> Thank you for the update, Deb.
>
>
>
> I am more than willing to work as an author on this draft and help out :)
>
>
>
> On Thu, Feb 22, 2024 at 5:28 AM Deb Cooley <debcooley1@gmail.com> wrote:
>
> I know Brandon has been busy, but I don't know his plans for this draft.
> Maybe his use case has changed?  I've cc'd him on this message.
>
>
>
> Note:  acme is a 'working group', to get a draft through the process
> people have to be willing to work on the draft (vice merely following).
> Also drafts can certainly have multiple authors, perhaps an offer of
> helping as an author might work.
>
>
>
> Deb
>
>
>
> On Tue, Feb 20, 2024 at 11:01 AM Prachi Jain <prachi.jain1288@gmail.com>
> wrote:
>
> Hello,
>
> I have been closely following this document as well and would like to know
> the status of the same.
>
> Thanks,
> Prachi
>
>
>
> On Sun, Feb 18, 2024 at 1:57 AM Thomas Fossati <tho.ietf@gmail.com> wrote:
>
> Hi, all,
>
> The acme-device-attest draft is expired.
>
> Just checking: what are the plans?
>
> cheers, thanks!
>
> _______________________________________________
> Acme mailing list
> Acme@ietf.org
> https://www.ietf.org/mailman/listinfo/acme
> <https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/acme__;!!FJ-Y8qCqXTj2!ZpiFHiNqjoIYpSwf-NWcpF4npfhv0fs0h1DfNQ82nrL17Uiy4d4RIWH4gGVLXQyjT68S1PkaY3m248MMkAE2Gdu_c1MH60I$>
>
> _______________________________________________
> Acme mailing list
> Acme@ietf.org
> https://www.ietf.org/mailman/listinfo/acme
> <https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/acme__;!!FJ-Y8qCqXTj2!ZpiFHiNqjoIYpSwf-NWcpF4npfhv0fs0h1DfNQ82nrL17Uiy4d4RIWH4gGVLXQyjT68S1PkaY3m248MMkAE2Gdu_c1MH60I$>
>
> _______________________________________________
> Acme mailing list
> Acme@ietf.org
> https://www.ietf.org/mailman/listinfo/acme
>

v2.23.0 | Report a Bug | By Email