Hi Mads,

Happy to hear about another implementation! Thanks for replying.

> We are also running a constrained pilot in our production environment
> (supporting CertBot) and this will be upgraded to the ACME draft-07 version
> shortly.


What is your plan for testing your draft-07 pilot? It sounds like you only
target Certbot and there is no order based issuance support in Certbot
presently (among other divergences with draft-07/08).

> However, we are considering using the Out-of-Band Challenge type and
> possibly also External Account Binding in a next phase where the idea is to
> exploit how the ACME protocol may be used to support issuance and
> administration of other types of TLS certificates than DV.


Can you speak to when this phase may begin/end? I worry that it will be too
late for any implementation experience to be able to influence the draft if
this phase of your project won't be complete for some time.

- Daniel / cpu

On Sat, Oct 21, 2017 at 2:56 AM, Mads Egil Henriksveen <
[email protected]> wrote:

> Hi
>
>
>
> Buypass has implemented an ACME server based on ACME draft-07 which uses
> order based issuance, this version is currently available in a test
> environment only. We are also running a constrained pilot in our production
> environment (supporting CertBot) and this will be upgraded to the ACME
> draft-07 version shortly.
>
>
>
> We have included support for Pre-Authorization, but we are using
> neither External Account Binding nor the Out-of-Band Challenge in our
> current version. However, we are considering using the Out-of-Band
> Challenge type and possibly also External Account Binding in a next phase
> where the idea is to exploit how the ACME protocol may be used to support
> issuance and administration of other types of TLS certificates than DV.
>
>
>
> Regards
>
> Mads
>
>
>
> *From:* Acme [mailto:[email protected]] *On Behalf Of *Daniel McCarney
> *Sent:* Friday 20 October 2017 22:36
> *To:* IETF ACME <[email protected]>
> *Subject:* [Acme] Survey of draft-07 implementations
>
>
>
> Hi folks,
>
>
>
> As the WG approaches last-call on ACME draft-07[0] I wanted to get a sense
> of which portions of the spec have been implemented and which haven't.
>
>
>
> In particular I'd like to hear if anyone has implemented:
>
> * External Account Binding (Section 7.3.5)
>
> * Pre-Authorization for Order based issuance (Section 7.4.1)
>
> * The Out-of-Band Challenge type (Section 8.6)
>
>
>
> Let's Encrypt has made good progress on draft-07 server implementation but
> has no plans to implement the above three features. It would be nice to
> hear someone has running code for these portions of spec.
>
>
>
> Ignoring the above three items Let's Encrypt has implemented the core
> portions of draft-07 in Pebble[1]. It's presently using the pro-active
> issuance method described in draft-07. It does not support key change or
> revocation but is ready to be used by clients. There is an integration test
> client[2] based on Certbot's ACME python module and ACME4j has an
> experimental branch[3] capable of issuing certificates from Pebble.
>
>
>
> Let's Encrypt has also made significant progress implementing draft-07 in
> Boulder[4], the production Let's Encrypt CA software, but it is not yet
> ready for use by clients. This implementation does include key change and
> revocation but does **not** use pro-active issuance. I began a separate
> thread[5] for the order finalization approach that we have started to
> implement for Boulder. Pebble will be updated to use this issuance approach
> in place of pro-active issuance shortly.
>
>
>
> Are there any other servers or clients out there that are speaking
> draft-07 ACME and using order based issuance?
>
>
>
> - Daniel / cpu
>
>
>
> [0]: https://tools.ietf.org/html/draft-ietf-acme-acme-07
>
> [1]: https://github.com/letsencrypt/pebble
>
> [2]: https://github.com/letsencrypt/boulder/blob/e2cc6fbe682dd5d49da32c2357838b0cc831f10f/test/chisel2.py
>
> [3]: https://github.com/shred/acme4j/tree/draft
>
> [4]: https://github.com/letsencrypt/boulder
>
> [5]: https://mailarchive.ietf.org/arch/msg/acme/DIjJEB06J5cFyuOlGPVcY2I51vg
>
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
