Dear WG,

Over the past couple of days, Jacob and I got back to work on the draft, and got a bunch of PRs tuned up and landed, and now published in this new version.

There are three issues / PRs that we didn't feel were settled enough to include in this round (in addition to the late-breaking #204/#205):

#170 add a special token parameter in registration
#172 Add an external secret field to registration.
#195 Combine "requirements" and "authorizations."

I think our goal through the next IETF meeting should be to drive toward closure on these, and get any last issues on the table. (CAs thinking about ACME, I'm looking at you!) If we can get that done, I'm hopeful we'll be able to update the draft and request WGLC shortly after the IETF.

Thanks,
--Richard

## Closed

#128 Indicate ACME version in /directory (or elsewhere?)

## Merged

#159 Hard-fail on unrecognized contact URI schemes
#165 Re-add new-authz as pre-authorization
#167 Simplify terms-of-service flow.
#182 Clarify flows around agreement to terms
#183 Add 'revoked' status to registrations and use standard language
#186 Remove extraneous statuses
#190 Explicitly limit to TCP ports 80 and 443
#192 Updates Section 6.1.2 - "Registration Objects" for Applications.
#193 Specify account by kid (reg URL) rather than key.
#200 Clarify that HTTP and TLS go over ports 80 and 443
#202 Clarifies TLS port requirement for SNI challenge.
#203 Hard fail on invalid contacts

---------- Forwarded message ----------
From: <[email protected]>
Date: Mon, Oct 31, 2016 at 1:10 PM
Subject: [Acme] I-D Action: draft-ietf-acme-acme-04.txt
To: [email protected]
Cc: [email protected]

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Automated Certificate Management Environment of the IETF.

Title    : Automatic Certificate Management Environment (ACME)
Authors  : Richard Barnes
           Jacob Hoffman-Andrews
           James Kasten
Filename : draft-ietf-acme-acme-04.txt
Pages    : 67
Date     : 2016-10-31

Abstract:
Certificates in the Web's X.509 PKI (PKIX) are used for a number of purposes, the most significant of which is the authentication of domain names. Thus, certificate authorities in the Web PKI are trusted to verify that an applicant for a certificate legitimately represents the domain name(s) in the certificate. Today, this verification is done through a collection of ad hoc mechanisms. This document describes a protocol that a certificate authority (CA) and an applicant can use to automate the process of verification and certificate issuance. The protocol also provides facilities for other certificate management functions, such as certificate revocation.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-acme-acme/

There's also a htmlized version available at:
https://tools.ietf.org/html/draft-ietf-acme-acme-04

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-acme-acme-04

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
