Re: [Acme] ACME or EST?
Richard Barnes <rlb@ipv.sx> Tue, 25 November 2014 21:55 UTC
From: Richard Barnes <rlb@ipv.sx>
To: Paul Hoffman <paul.hoffman@vpnc.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/acme/uj2LVbQTeCHh9gsSzUimnmB1V4M
Cc: acme@ietf.org

A few things off the top of my head:

* If nothing else, much less ASN.1. (Cf. JOSE vs. CMS)
* Support for other certificate management functions, e.g., revocation
* Validation of possession of identifiers
* Cleaner use of HTTP

On Tue, Nov 25, 2014 at 4:41 PM, Paul Hoffman <paul.hoffman@vpnc.org> wrote:

> Greetings again. The abstract of the ACME pre-draft at
> https://github.com/letsencrypt/acme-spec (which Richard will hopefully
> publish as a real draft soon) says:
>
>    This
>    document describes a protocol that a certificate authority (CA) and a
>    applicant can use to automate the process of verification and
>    certificate issuance. The protocol also provides facilities for
>    other certificate management functions, such as certificate
>    revocation.
>
> This overlaps a lot with "Enrollment over Secure Transport" (EST),
> <https://tools.ietf.org/html/rfc7030>.
>
> For many people who saw last week's announcement, the main use case of
> ACME is "make it easy to create a client that can create a key, get it
> enrolled with a server, get the new certificate back, and install that
> certificate in a web server". What does/will ACME offer that EST does not
> already?
>
> --Paul Hoffman