Re: [Acme] Proposed ACME Charter Language

Ted Hardie <ted.ietf@gmail.com> Wed, 13 May 2015 23:16 UTC


On Wed, May 13, 2015 at 4:03 PM, Randy Bush <randy@psg.com> wrote:

> >> /me likes simple, and this revision
>
> confession: it came out of a discussion in which i participated
>
> > How about:
> >
> > "ACME certificate management must provide automated methods for
> > revocation parallel to those used to request a certificate"?
>
> what the heck does "parallel" mean?  does it include means to revoke a
> cert for which i have lost the private key and want to use an entirely
> different proof of ownership/control?
>

To me it means if you prove control of a domain in order to request
a cert by methods 1, 2, or 3, then you can request revocation if
you can prove control by the same set of methods.  I do not think
it means that you have to pick the same one from the set, but
it is something for the working group to discuss.

Is there language you like better for that?

Ted



>
> ramdu
>