On 20/07/16 13:04, Carl Wallace wrote:
> On 7/20/16, 5:51 AM, "Acme on behalf of Yaron Sheffer"
> <[email protected] on behalf of [email protected]> wrote:
> <snip>
> Option 2 could take the form of a non-critical extension. The flow could
> be something along these lines:
> - TLS server generates a key pair and sends request for delegation ticket
> to the domain owner
> - The domain owner prepares an X.509 extension containing the key (or key
> identifier), any constraints (e.g., name or validity) and the domain
> owner's signature covering that information
> - TLS server includes the extension in the request for a certificate
> (short lived or otherwise but always consistent with constraints in the
> extension)
> - CA issues a certificate containing the non-critical extension
> - TLS clients that want to understand the delegation can verify the
> extension, others would carry on without processing the non-critical
> extension
> If this were always a long-lived certificate, the pre-certificate
> mechanism in CT could be adapted with the domain owner signing instead of
> the log (or maybe using CT exactly and acting as a special case log), but
> this would complicate issuance.
Hi Carl,
I think this could work, but I believe there are use cases
(specifically, CDNs) where people do not want to advertise the delegation.
Besides, I am personally averse to tweaking X.509. IMO it could make
standardization much more difficult.
Thanks,
Yaron
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
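The five-step flow Carl sketches above, carried through end to end as an added example. This is not code from the thread, from the ACME working group or from any CA; it only uses the Go standard library. The thread specifies no encoding, so everything concrete here is an assumption: the extension OID (a placeholder under the private-enterprise arc), the ASN.1 layout of the signed "delegation ticket" (a key identifier, a list of DNS names and a validity window), and ECDSA P-256 with SHA-256 for both the owner's signature and the CA's. The keys, names and certificates are generated on the fly, so it runs offline.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

// Placeholder OID for the delegation extension (private-enterprise arc); the thread names no real one.
var oidDelegation = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1}
// DelegationTBS is what the domain owner signs: the delegated key plus the constraints on its use.
// The field set is an assumption; Carl's message only lists "key (or key identifier)" and "name or validity".
type DelegationTBS struct {
	KeyID               []byte   // SHA-256 over the TLS server's SubjectPublicKeyInfo
	DNSNames            []string // names the delegated key may serve
	NotBefore, NotAfter time.Time
}
// Delegation is the extension value: the TBS kept as opaque DER plus the owner's ECDSA signature over it.
type Delegation struct {
	TBS       asn1.RawValue
	Signature []byte
}
func keyID(pub *ecdsa.PublicKey) []byte {
	spki, _ := x509.MarshalPKIXPublicKey(pub) // cannot fail for a P-256 key
	sum := sha256.Sum256(spki); return sum[:]
}
// Domain owner's step (the "delegation ticket"): sign server key plus constraints, package as a non-critical extension.
func issueDelegation(owner *ecdsa.PrivateKey, serverPub *ecdsa.PublicKey, names []string, nb, na time.Time) (pkix.Extension, error) {
	tbsDER, err := asn1.Marshal(DelegationTBS{KeyID: keyID(serverPub), DNSNames: names, NotBefore: nb, NotAfter: na})
	if err != nil { return pkix.Extension{}, err }
	digest := sha256.Sum256(tbsDER)
	sig, err := ecdsa.SignASN1(rand.Reader, owner, digest[:])
	if err != nil { return pkix.Extension{}, err }
	val, err := asn1.Marshal(Delegation{TBS: asn1.RawValue{FullBytes: tbsDER}, Signature: sig})
	if err != nil { return pkix.Extension{}, err }
	return pkix.Extension{Id: oidDelegation, Critical: false, Value: val}, nil
}
// CA's step: an ordinary server certificate that copies through the extension the server submitted with its request.
func issueCertificate(ca *x509.Certificate, caKey *ecdsa.PrivateKey, pub *ecdsa.PublicKey, names []string, nb, na time.Time, ext pkix.Extension) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: names[0]}, DNSNames: names, NotBefore: nb, NotAfter: na,
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		ExtraExtensions: []pkix.Extension{ext},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, pub, caKey)
	if err != nil { return nil, err }
	return x509.ParseCertificate(der)
}
// Delegation-aware client's step: check the owner's signature, then that the issued certificate stays inside the
// owner's constraints. A client that does not know the OID skips the non-critical extension and never runs this.
func verifyDelegation(cert *x509.Certificate, ownerPub *ecdsa.PublicKey) error {
	var d *Delegation
	for _, e := range cert.Extensions {
		if !e.Id.Equal(oidDelegation) { continue }
		d = new(Delegation)
		if rest, err := asn1.Unmarshal(e.Value, d); err != nil || len(rest) != 0 { return fmt.Errorf("malformed delegation extension") }
	}
	if d == nil { return fmt.Errorf("no delegation extension") }
	digest := sha256.Sum256(d.TBS.FullBytes) // verify over the exact bytes the owner signed, not a re-encoding
	if !ecdsa.VerifyASN1(ownerPub, digest[:], d.Signature) { return fmt.Errorf("domain owner signature invalid") }
	var tbs DelegationTBS
	if _, err := asn1.Unmarshal(d.TBS.FullBytes, &tbs); err != nil { return fmt.Errorf("malformed delegation body") }
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok || !bytes.Equal(keyID(pub), tbs.KeyID) { return fmt.Errorf("delegation is for a different key") }
	allowed := map[string]bool{}
	for _, n := range tbs.DNSNames { allowed[n] = true }
	for _, n := range cert.DNSNames { if !allowed[n] { return fmt.Errorf("name %q was not delegated", n) } }
	if cert.NotBefore.Before(tbs.NotBefore) || cert.NotAfter.After(tbs.NotAfter) { return fmt.Errorf("certificate validity exceeds delegation window") }
	return nil
}
// Demo runs the flow and returns three client views: a delegation-aware client on a certificate inside the
// constraints, the same client on one naming an undelegated host, and a chain-only client on that same host.
func Demo() (consistent, overreaching, chainOnly error, err error) {
	gen := func() *ecdsa.PrivateKey { k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader); return k }
	ownerKey, serverKey, caKey := gen(), gen(), gen() // constructed for the example
	now := time.Now().UTC().Truncate(time.Second)     // UTCTime carries whole seconds only
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(48 * time.Hour), IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil { return }
	ca, _ := x509.ParseCertificate(caDER)
	ext, err := issueDelegation(ownerKey, &serverKey.PublicKey, []string{"www.example.com"}, now, now.Add(7*24*time.Hour))
	if err != nil { return }
	good, err := issueCertificate(ca, caKey, &serverKey.PublicKey, []string{"www.example.com"}, now, now.Add(24*time.Hour), ext)
	if err != nil { return }
	bad, err := issueCertificate(ca, caKey, &serverKey.PublicKey, []string{"www.example.com", "admin.example.com"}, now, now.Add(24*time.Hour), ext)
	if err != nil { return }
	roots := x509.NewCertPool(); roots.AddCert(ca)
	_, chainOnly = bad.Verify(x509.VerifyOptions{Roots: roots, DNSName: "admin.example.com", CurrentTime: now.Add(time.Minute)})
	return verifyDelegation(good, &ownerKey.PublicKey), verifyDelegation(bad, &ownerKey.PublicKey), chainOnly, nil
}
func main() {
	consistent, overreaching, chainOnly, err := Demo()
	fmt.Println("consistent:", consistent, "| overreaching:", overreaching, "| chain-only:", chainOnly, "| setup:", err)
}
```

Two things worth noticing in the output. The "overreaching" certificate, which names a host the owner never delegated, fails the delegation check but passes ordinary chain validation, because Go (like every other client) ignores a non-critical extension it does not recognise; that is why Carl's third step says the certificate must always be consistent with the constraints in the extension, and in this design only the CA is in a position to enforce that at issuance for clients that do not check. And, as Yaron's reply notes, the extension is visible to anyone who parses the certificate, so the delegation is advertised whether or not a client verifies it.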