Re: [Acme] Proposed ACME Charter Language

Martin Thomson <martin.thomson@gmail.com> Wed, 13 May 2015 23:03 UTC

In-Reply-To: <CA+9kkMA18=KBtSWnS3murcFT7tfxNAe1Oi2YFNSkhOXTPDAFTw@mail.gmail.com>
Message-ID: <CABkgnnUXDYjurP3EVvpdN4un0RMZdnC+9dmrsYpQfJ7m3gz1ow@mail.gmail.com>
To: Ted Hardie <ted.ietf@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/tNtUvNF_lw3kLyVTv44UefeIOvc>
Cc: Randy Bush <randy@psg.com>, IETF ACME <acme@ietf.org>, Russ Housley <housley@vigilsec.com>

On 13 May 2015 at 15:59, Ted Hardie <ted.ietf@gmail.com> wrote:
> "ACME certificate management must provide automated methods for revocation
> parallel to those used to request a certificate"?

I think that you might find the discussions on revocation on the
(proposed) acme spec enlightening here.  I believe that there are
several ways in which authorization might be determined: if you were
the one to originally request the certificate, if you have the private
key for that certificate, and some other mix of factors whereby those
two parties signal that they have delegated this authority to you.

That's why I favour the more general wording chosen, even if it is
technically different.  It does potentially create a more complex
protocol, but this allows the working group to make that choice,
rather than baking it into the charter.