On Mon, Jul 27, 2015 at 7:51 PM, Phillip Hallam-Baker <[email protected]> wrote:
> As a general rule, any protocol that contains a component that may be
> subject to variation in the field needs an IANA registry. Since we are going
> to have multiple automatic validation processes we will be required to have
> a registry even if there is only one entry at first.

ACME has always been structured with a registry in mind; the IANA considerations just haven't been written up :)

> For the offline part, I don't think that the border between automatic and
> offline is quite as clear as some folk seem to think. Some validation
> mechanisms are intrinsically offline; we have a proposal for a completely
> automatic one, but virtually all the processes in use today are a mix of the
> two.
>
> Even EV issue can be automated if you have an already validated credential
> and a DV issue can return 'pending' for a host of reasons. And even if you
> are doing EV you have to pass domain validation as well.

I think what's being proposed is a generic "offline" thing for cases where the validation method you want to use hasn't been defined and registered, or doesn't have broad client support. So the idea wouldn't be to draw a clear distinction between online and offline validation, but rather to provide an escape valve for cases where the CA and the client can't agree on a fully automated way to do things.

--Richard

> So I don't think this is a taxonomy thing. It is a 'label the process so the
> automatic bits can be identified' thing and a 'this may not work
> automatically' thing. So no to offline/xxxx but yes to a registry of
> validation schemes.
