On 21/04/15 11:53, Russ Housley wrote:
> Hotspot 2.0 is behind a paywall:
> https://www.wi-fi.org/hotspot-20-release-2-technical-specification-package-v110

Bummer;-( Not sure if someone can summarise what EST is being used
for there. Could be that it overlaps more with homenet/anima than
with acme for example, not sure.

I also asked a question below though and am interested in your
take on that:

>> Anyway EST carries (a profile of) CMC messages [1] doesn't it? So
>> aren't we really asking about use of CMC-defined, ASN.1 encoded
>> payloads here after all?

Cheers, S.

> Russ
>
>
> On Apr 20, 2015, at 3:04 PM, Stephen Farrell wrote:
>
>>
>> Hiya,
>>
>> On 20/04/15 17:40, Russ Housley wrote:
>>> Stephen:
>>>
>>>>> I'm willing to assume that an attempt to replace things that
>>>>> people are using will meet with vigorous discussion.
>>>>
>>>> Right. People are using CMC, but not afaik when dealing with
>>>> any public CAs for getting certificates for public Internet
>>>> services. I think CMP has some similar but much smaller set of
>>>> real uses. (*) And I'm not sure if EST has gotten traction.
>>>> SCEP has uses but that's another kettle of cans of worms and
>>>> fish;-)
>>>>
>>>> I think it would be better to have the vigorous discussion
>>>> about CMC vs.ACME-JSON-etc (if that's the one we need to have)
>>>> before we form the WG. But is that in fact the meat of your
>>>> concern here? If so, then I assume you'd be arguing for use of
>>>> CMC/CRMF PDUs in ACME messages. If not, I'm not back to being
>>>> puzzled. Can you clarify?
>>>
>>> I was not concerned about CMC, CMP, or SCEP. My concern is
>>> around EST. The Hotspot spec points to it, and we should see if
>>> others are using it.
>>
>> (Do you have a ref for the hotspot spec? I don't know that one.)
>>
>> Anyway EST carries (a profile of) CMC messages [1] doesn't it? So
>> aren't we really asking about use of CMC-defined, ASN.1 encoded
>> payloads here after all?
>>
>> In case it helps, I think (open to correction of course) that
>> everyone would be fine with re-using and not duplicating PKCS#10,
>> at least for RSA, since that is what is well supported by well
>> deployed code. And that seems to be in the current ACME draft. [2]
>> So I think we're mostly talking about the bits and pieces of
>> CMC/CRMF that go beyond PKCS#10 - and it's those that are afaik
>> unused and where we oughtn't be fussed about duplicating (should
>> that be what the WG wants).
>>
>> I do agree that we might want to think some more if there's
>> significant deployment of EST somewhere relevant, or if a good
>> argument that that's highly likely can be made.
>>
>> I also agree that asking the question "why isn't EST good enough"
>> is totally valid, and that it'd be great if someone would summarise
>> the earlier thread on that. [3]
>>
>> Cheers, S.
>>
>> [1] https://tools.ietf.org/html/rfc7030#section-3
>> [2] https://tools.ietf.org/html/draft-barnes-acme-01#section-4
>> [3] https://www.ietf.org/mail-archive/web/acme/current/msg00003.html
>>
>>>
>>> Russ
>>>
>>> _______________________________________________
>>> Acme mailing list
>>> [email protected]
>>> https://www.ietf.org/mailman/listinfo/acme
