[secdir] [new-work] WG Review: Automated Certificate Management Environment (acme)
The IESG <iesg@ietf.org> Fri, 12 June 2015 16:06 UTC
A new IETF working group has been proposed in the Security Area. The IESG has not made any determination yet. The following draft charter was submitted, and is provided for informational purposes only. Please send your comments to the IESG mailing list (iesg at ietf.org) by 2015-06-22.

Automated Certificate Management Environment (acme)
------------------------------------------------
Current Status: Proposed WG

Chairs:
  Rich Salz <rsalz@akamai.com>
  Ted Hardie <ted.ietf@gmail.com>

Assigned Area Director:
  Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>

Mailing list
  Address: acme@ietf.org
  To Subscribe: https://www.ietf.org/mailman/listinfo/acme
  Archive: http://www.ietf.org/mail-archive/web/acme/

Charter:

Historically, issuance of certificates for Internet applications (e.g., web servers) has involved many manual identity validation steps by the certification authority (CA). The ACME WG will specify conventions for automated X.509 certificate management, including validation of control over an identifier, certificate issuance, certificate renewal, and certificate revocation. The initial focus of the ACME WG will be on domain name certificates (as used by web servers), but other uses of certificates can be considered as work progresses.

ACME certificate management must allow the CA to verify, in an automated manner, that the party requesting a certificate has authority over the requested identifiers, including the subject and subject alternative names. The processing must also confirm that the requesting party has access to the private key that corresponds to the public key that will appear in the certificate. All of the processing must be done in a manner that is compatible with common service deployment environments, such as hosting environments.

ACME certificate management must, in an automated manner, allow an authorized party to request revocation of a certificate.

The ACME working group is specifying ways to automate certificate issuance, validation, revocation and renewal. The ACME working group is not reviewing or producing certificate policies or practices.

The starting point for ACME WG discussions shall be draft-barnes-acme.

Milestones:
  Aug 2015 - Initial working group draft
  Mar 2016 - Submit working group draft to IESG as Proposed Standard

_______________________________________________
new-work mailing list
new-work@ietf.org
https://www.ietf.org/mailman/listinfo/new-work