Re: [Acme] kinds of proof

Paul Hoffman <paul.hoffman@vpnc.org> Sun, 30 November 2014 03:30 UTC

Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AADE31A0147 for <acme@ietfa.amsl.com>; Sat, 29 Nov 2014 19:30:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.647
X-Spam-Level:
X-Spam-Status: No, score=-3.647 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_MISMATCH_COM=0.553, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cnVmYUzrgbts for <acme@ietfa.amsl.com>; Sat, 29 Nov 2014 19:30:01 -0800 (PST)
Received: from proper.com (Hoffman.Proper.COM [207.182.41.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8EDF31A0144 for <acme@ietf.org>; Sat, 29 Nov 2014 19:30:01 -0800 (PST)
Received: from [10.20.30.90] (142-254-17-119.dsl.dynamic.fusionbroadband.com [142.254.17.119]) (authenticated bits=0) by proper.com (8.14.9/8.14.7) with ESMTP id sAU3U0nM077714 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <acme@ietf.org>; Sat, 29 Nov 2014 20:30:01 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
X-Authentication-Warning: proper.com: Host 142-254-17-119.dsl.dynamic.fusionbroadband.com [142.254.17.119] claimed to be [10.20.30.90]
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 8.1 \(1993\))
From: Paul Hoffman <paul.hoffman@vpnc.org>
In-Reply-To: <20141129221139.GL285@mournblade.imrryr.org>
Date: Sat, 29 Nov 2014 19:29:59 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <2B947AA7-1F40-4935-B003-F86A4FF4BB3A@vpnc.org>
References: <m27fyg4yzg.wl%randy@psg.com> <547754C0.9050306@cs.tcd.ie> <20141127211348.GE25114@mournblade.imrryr.org> <54784C61.2080508@cs.tcd.ie> <20141128170917.GC285@mournblade.imrryr.org> <88B49E1D-1601-4B86-8D93-14CF71501DFC@vpnc.org> <20141128213724.GG285@mournblade.imrryr.org> <7261AA75-5912-4514-A393-94F602C941C2@vpnc.org> <20141129170537.GK285@mournblade.imrryr.org> <046F438F-6230-4A3A-8A5C-708BA91E002B@vpnc.org> <20141129221139.GL285@mournblade.imrryr.org>
To: acme@ietf.org
X-Mailer: Apple Mail (2.1993)
Archived-At: http://mailarchive.ietf.org/arch/msg/acme/rEP5EbbnE3aImue5YKu04Lr7_PA
Subject: Re: [Acme] kinds of proof
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 30 Nov 2014 03:30:03 -0000

On Nov 29, 2014, at 2:11 PM, Viktor Dukhovni <ietf-dane@dukhovni.org> wrote:
> Sure, and the domain owner can field servers on whatever port he/she
> wishes after demonstrating control over the domain, which to me
> means control over the DNS (be it direct, or indirect via whoever
> administers the DNS).

I think this will have to be an "agree to disagree" situation. The Let's Encrypt promotional material indicates that they want to get more HTTPS out in the world, so they need to deal with the huge number of folks who use hosting companies and thus have no DNS control. I believe that is a great goal.

--Paul Hoffman