Re: [Acme] Current Charter language

Russ Housley <housley@vigilsec.com> Sat, 16 May 2015 16:08 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1C6CC1A007F for <acme@ietfa.amsl.com>; Sat, 16 May 2015 09:08:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -96.5
X-Spam-Level:
X-Spam-Status: No, score=-96.5 tagged_above=-999 required=5 tests=[BAYES_99=3.5, USER_IN_WHITELIST=-100] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SntakHo4wpUw for <acme@ietfa.amsl.com>; Sat, 16 May 2015 09:08:28 -0700 (PDT)
Received: from odin.smetech.net (x-bolt-wan.smeinc.net [209.135.219.146]) by ietfa.amsl.com (Postfix) with ESMTP id A705E1A0078 for <acme@ietf.org>; Sat, 16 May 2015 09:08:28 -0700 (PDT)
Received: from localhost (unknown [209.135.209.5]) by odin.smetech.net (Postfix) with ESMTP id 169E39A401A for <acme@ietf.org>; Sat, 16 May 2015 12:08:18 -0400 (EDT)
X-Virus-Scanned: amavisd-new at smetech.net
Received: from odin.smetech.net ([209.135.209.4]) by localhost (ronin.smeinc.net [209.135.209.5]) (amavisd-new, port 10024) with ESMTP id 7qCBbtb6WyFU for <acme@ietf.org>; Sat, 16 May 2015 12:07:42 -0400 (EDT)
Received: from [172.20.4.34] (c-73-216-27-236.hsd1.va.comcast.net [73.216.27.236]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by odin.smetech.net (Postfix) with ESMTP id 51A6A9A403B for <acme@ietf.org>; Sat, 16 May 2015 12:07:46 -0400 (EDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Apple Message framework v1085)
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <55563AB8.4050608@cs.tcd.ie>
Date: Sat, 16 May 2015 12:07:35 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <5756585F-F4BC-4E7B-8D38-64D21DB794C4@vigilsec.com>
References: <CA+9kkMBvwLexviH97=dqj40-3-6i6+UMp7hFVzfCpY5_WJAaFQ@mail.gmail.com> <c3f7361df02b4ecfacf86c9ff655ea8f@ustx2ex-dag1mb2.msg.corp.akamai.com> <55563AB8.4050608@cs.tcd.ie>
To: IETF ACME <acme@ietf.org>
X-Mailer: Apple Mail (2.1085)
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/x2JvZiCPqG626yzxtbbQ9TSw_V8>
Subject: Re: [Acme] Current Charter language
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 16 May 2015 16:08:30 -0000

Stephen:

>>> Any other obvious edits needed?
>> 
>> LGTM
> 
> (no hats)
> 
> Me too. I like it and figure it's good enough.
> 
> The only thing I'd suggest maybe adding is the illustrative goal
> that an "apt-get install apache" should be able to get the required
> certificates for a web server automatically, if there is an acme
> server that is willing to automate that far. And that a subsequent
> "apt-get upgrade" on that box should ensure that the certificate
> stuff needed for that apache install gets renewed if necessary.
> 
> I can see that it might be tricky to phrase that in language
> that works in a charter though, but maybe someone's feeling nicely
> creative.
> 
> The reason to want this in (for me) is that I think that example
> can ground the work and be useful to head off some potential rat
> holes that might otherwise crop up. And it captures the by far
> most important requirement for acme to meet which is good to keep
> in front of us.

I would rather ship the charter as it is.

While "apt-get" stuff is very interesting, it is not the only way to implement the protocol.

Russ