On Tue, Mar 31, 2015 at 4:22 AM, Scott Rea <[email protected]> wrote:
> G'day Yaron,
>
> I will make 2 brief observations:
>
> a) Max and I actually proposed some usability focused work around TLS
> certs to the PKIX WG about 6 or 7 years ago, when PKIX was still going
> strong, and we were told that usability is not the purvey of IETF, its
> purely bits on the wire. So when did IETF morph from bits on the wire to
> now include usability?
>

This is getting silly. At some level, the entire Internet is about usability. After all, you could order plane tickets over the phone before Expedia showed up, right?

Protocols are about automating interactions. The interaction by which a CA validates an applicant's control over a domain name is one for which we don't have good standard automation right now.

> b) Getting a server certificate for a cloud server within seconds, and
> with no manual intervention is possible today with a little scripting on
> the server and an appropriate API from one of the existing CAs.

If you like, you can view ACME as simply a collation and standardization of those proprietary APIs, so that hosting providers (and server vendors, etc.) don't have to get locked in to one.

--Richard

> If your
> current provider cannot do that for you, then I suggest you shop around
> a little.
>
> Regards,
> _Scott
>
> On 3/30/2015 9:36 PM, Yaron Sheffer wrote:
> >>>> *Overstepping the Technical Boundaries.* As it was pointed out during
> >>>> the BoF, the proposed initiative does not address any technical issue,
> >>>> but, instead, is pushing a specific BUSINESS model. I found very
> >>>> inappropriate the examples of "I could not get my certificates in 45
> >>>> minutes.." as this is a NON argument.
> >>> With all due respect to Cullen, I agree:-) I think it's used as a
> >>> humorous anecdote basically and I've seen that done in quite a few
> >>> contexts in the IETF. But that one non-argument was raised is not
> >>> a procedural issue for me.
> >> I agree with Max that this should be a non-argument, and happy to hear
> >> that you agree Stephen
> >>>
> >
> > For me ACME is purely about usability, so Cullen's anecdote is
> > actually the only thing that matters. As a user, I want to be able to
> > get a server certificate for a cloud server within seconds, and with
> > no manual intervention. And if that breaks someone's business model,
> > so be it.
> >
> > And by the way, ACME with *email* certs could make S/MIME viable
> > again, for those of us still using mail clients.
> >
> > Thanks,
> > Yaron
>
> --
> Scott Rea, MSc, CISSP
> VP GOV/EDU Relations & Sr. PKI Architect
> DigiCert, Inc.
> 2600 West Executive Parkway
> Suite 500
> Lehi, Utah 84043
> http://www.digicert.com
> (800) 896-7973
>
> Em [email protected]
> Ph#(801) 701-9636
> Ce#(801) 874-4114
>
> _______________________________________________
> Acme mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/acme
>
