Stepping back in time to this point in the thread...

On Sat, Apr 25, 2015 at 2:46 PM, Russ Housley <[email protected]> wrote:

> Here is the current language ...
>
> Russ
>
> = = = = = = = = = =
>
>
> Automated Certificate Management Environment (ACME)
>
> Historically, issuance of certificates for Internet applications
> (e.g., web servers) has involved many manual identity validation steps
> by the certification authority (CA). The ACME WG will specify
> conventions for automated X.509 certificate management, including
> validation of control over an identifier, certificate issuance,
> certificate renewal, and certificate revocation. The initial focus of
> the ACME WG will be on domain name certificates (as used by web
> servers), but other uses of certificates can be considered as work
> progresses.
>
> ACME certificate management must allow the CA to verify, in an
> automated manner, that the party requesting a certificate has authority
> over the requested identifiers, including the subject and subject
> alternative names. The processing must also confirm that the requesting
> party has access to the private key that corresponds to the public key
> that will appear in the certificate. All of the processing must be done
> in a manner that is compatible with common service deployment
> environments, such as hosting environments.
>
> ACME certificate management must, in an automated manner, allow a
> party that has previously requested a certificate to subsequently
> request revocation of that certificate.
>
> In order to facilitate deployment by CAs, the ACME protocol must be
> compatible with common industry standards for the operation of a CA,
> for example the CA/Browser Forum Baseline Requirements [0].
>

I don't really like the language "the ACME protocol must be compatible with common industry standards for the operation of a CA, for example the CA/Browser Forum Baseline Requirements [0]." Proving compatibility with an unbounded set of standards seems likely to generate a lot of wrangling on what "common industry standards". Also, the point of the effort, after all, is to be better than *some* of the current operations of a CA.

Would the following work?

"The ACME working group is focused on automating certificate issuance, validation, revocation and renewal. Review of other industry practices are not within scope for this working group."

regards,

Ted

> The starting point for ACME WG discussions shall be draft-barnes-acme.
>
> [0] https://cabforum.org/wp-content/uploads/BRv1.2.3.pdf
>
> _______________________________________________
> Acme mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/acme
>
