Re: IETF blog post on ACME

Eric Rescorla <ekr@rtfm.com> Wed, 13 March 2019 14:13 UTC

To: Lloyd Wood <lloyd.wood@yahoo.co.uk>
Cc: Richard Barnes <rlb@ipv.sx>, IETF discussion list <ietf@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/XnyaL9ndAabjsX0aw5avZzHKTKg>

On Wed, Mar 13, 2019 at 7:11 AM Eric Rescorla <ekr@rtfm.com> wrote:

>
>
> On Tue, Mar 12, 2019 at 6:17 PM Lloyd Wood <lloyd.wood=40yahoo.co.uk@dmarc.ietf.org> wrote:
>
>> Richard,
>>
>>
>> your IETF blog post says:
>>
>> "the server that needs a certificate can send in its information in a
>> standard form"
>> I do get nervous seeing the 'standard' word used in IETF material; the
>> IETF has a specific standards process, IETF material has to be careful in
>> its terminology.
>>
>>
>> While RFC 8555 is published as an RFC and as a proposed standard, it is
>> not yet an IETF standard.
>>
>
> This distinction, while true, seems not very helpful.
>
> Many of the most important and widely implemented documents in the IETF
> are PS and may take a very long time to be promoted to FS, if ever (IPv6
> was only so promoted last year!). Given that,
>

I don't usually correct myself, but this actually changes the meaning.
There should be no comma after "Given that".

-Ekr

> people often wait to implement and deploy protocols until they are
> "standardized" or "finalized", trying to stop people from calling those
> documents standards seems counterproductive (as well as largely futile).
>
> -Ekr
>
>
>
>
>> The Let's Encrypt crowd have been saying:
>>
>>
>>
>> "The protocol we use for automated certificate management, ACME, is now
>> finalized as an Internet standard!"
>> or
>> "the ACME protocol became an IETF standard with RFC 8555."
>> or
>> "
>> The ACME Protocol is an IETF Standard
>>
>> It has long been a dream of ours for there to be a standardized protocol
>> for certificate issuance and management. That dream has become a reality
>> now that the IETF has standardized the ACME protocol as RFC 8555."
>> https://letsencrypt.org/2019/03/11/acme-protocol-ietf-standard.html
>>
>> which is slightly overstating it (proposed standard is NOT finalized and
>> is NOT an IETF Standard), while inadvertently(?) dismissing the IETF
>> standards process that you'd think active participants would understand...
>>
>> "in an agreed form" is less misleading, I think.
>>
>> sigh.
>>
>> L.
>>
>> Lloyd Wood lloyd.wood@yahoo.co.uk http://about.me/lloydwood
>>
>>
>>
>> ________________________________
>> From: Richard Barnes <rlb@ipv.sx>
>> To: IETF discussion list <ietf@ietf.org>
>> Sent: Wednesday, 13 March 2019, 7:39
>> Subject: IETF blog post on ACME
>>
>>
>>
>> Hey all,
>>
>> In honor of ACME finally being published as an RFC, my co-authors and I
>> wrote a quick blog post announcing ACME and why it matters:
>>
>> https://www.ietf.org/blog/acme/
>>
>> The tl;dr is:
>> - Certificates are necessary to make secure applications scale
>> - Getting a certificate used to be hard, but ACME makes it easy
>> - Now we can encrypt all the things!
>>
>> For those of you more at the networking layer, think of it like DHCP --
>> long ago, IP address assignment was manual and slow, and we needed an
>> automated way of handing out addresses to make the Internet scale.  Same
>> thing here, but for the PKI.
>>
>> Sincere thanks to the many contributors to this work!
>>
>>
>> --Richard
>>
>>