[Lurk] Fwd: New Version Notification for draft-sheffer-lurk-cert-delegation-00.txt

Yaron Sheffer <yaronf.ietf@gmail.com> Thu, 12 May 2016 21:10 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/lurk/74JwuN5MfpJ2jaj0c5iBMb3SfC0>

Hi,

To solve the CDN-shouldn't-get-my-private-key scenario, I propose an
almost trivial REST API, where the CDN contacts the content owner once a
day and obtains a 3-day credential (private key plus short-term cert).

Comments are welcome!

Thanks,
	Yaron

-------- Forwarded Message --------
Subject: New Version Notification for draft-sheffer-lurk-cert-delegation-00.txt
Date: Thu, 12 May 2016 13:43:49 -0700
From: internet-drafts@ietf.org
To: Yaron Sheffer <yaronf.ietf@gmail.com>


A new version of I-D, draft-sheffer-lurk-cert-delegation-00.txt
has been successfully submitted by Yaron Sheffer and posted to the
IETF repository.

Name:		draft-sheffer-lurk-cert-delegation
Revision:	00
Title:		Delegating TLS Certificates to a CDN
Document date:	2016-05-12
Group:		Individual Submission
Pages:		8
URL:		https://www.ietf.org/internet-drafts/draft-sheffer-lurk-cert-delegation-00.txt
Status:		https://datatracker.ietf.org/doc/draft-sheffer-lurk-cert-delegation/
Htmlized:	https://tools.ietf.org/html/draft-sheffer-lurk-cert-delegation-00


Abstract:
    An organization that owns web content often prefers to delegate
    hosting of this content to a Content Delivery Network (CDN).  To
    serve HTTP content securely, it needs to be protected with TLS.  This
    document proposes a way for the CDN to request constrained
    certificates so that it can serve web content on behalf of the
    content owner, without having the owner's long term certificate.

 



Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat