Hi Daniel

The testing will be based on our own test clients and client software developed 
by our partners. If you know about any other clients supporting draft-07, 
please let me know.

We are currently working with a specification for the next phase including OOB 
and according to our current plan this will be completed in Q4 2017. We hope to 
begin the implementation in Q1 2018, but right now I am not able to say when 
this will be finished.

Regards
Mads

From: Daniel McCarney [mailto:[email protected]]
Sent: Thursday, 2 November 2017 15:02
To: Mads Egil Henriksveen <[email protected]>
Cc: IETF ACME <[email protected]>
Subject: Re: [Acme] Survey of draft-07 implementations

Hi Mads,

Happy to hear about another implementation! Thanks for replying.

> We are also running a constrained pilot in our production environment
> (supporting CertBot) and this will be upgraded to the ACME draft-07 version
> shortly.

What is your plan for testing your draft-07 pilot? It sounds like you only 
target Certbot and there is no order based issuance support in Certbot 
presently (among other divergences with draft-07/08).

> However, we are considering using the Out-of-Band Challenge type and possibly
> also External Account Binding in a next phase where the idea is to exploit how
> the ACME protocol may be used to support issuance and administration of other
> types of TLS certificates than DV.

Can you speak to when this phase may begin/end? I worry that it will be too 
late for any implementation experience to be able to influence the draft if 
this phase of your project won't be complete for some time.

- Daniel / cpu

On Sat, Oct 21, 2017 at 2:56 AM, Mads Egil Henriksveen
<[email protected]> wrote:
Hi

Buypass has implemented an ACME server based on ACME draft-07 which uses order 
based issuance, this version is currently available in a test environment only. 
We are also running a constrained pilot in our production environment 
(supporting CertBot) and this will be upgraded to the ACME draft-07 version 
shortly.

We have included support for Pre-Authorization, but we are using neither
External Account Binding nor the Out-of-Band Challenge in our current version.
However, we are considering using the Out-of-Band Challenge type and possibly
also External Account Binding in a next phase where the idea is to exploit how 
the ACME protocol may be used to support issuance and administration of other 
types of TLS certificates than DV.

Regards
Mads

From: Acme [mailto:[email protected]] On Behalf Of Daniel McCarney
Sent: Friday, 20 October 2017 22:36
To: IETF ACME <[email protected]>
Subject: [Acme] Survey of draft-07 implementations

Hi folks,

As the WG approaches last-call on ACME draft-07[0] I wanted to get a sense of 
which portions of the spec have been implemented and which haven't.

In particular I'd like to hear if anyone has implemented:
* External Account Binding (Section 7.3.5)
* Pre-Authorization for Order based issuance (Section 7.4.1)
* The Out-of-Band Challenge type (Section 8.6)

Let's Encrypt has made good progress on draft-07 server implementation but has 
no plans to implement the above three features. It would be nice to hear 
someone has running code for these portions of spec.

Ignoring the above three items Let's Encrypt has implemented the core portions 
of draft-07 in Pebble[1]. It's presently using the pro-active issuance method 
described in draft-07. It does not support key change or revocation but is 
ready to be used by clients. There is an integration test client[2] based on 
Certbot's ACME python module and ACME4j has an experimental branch[3] capable 
of issuing certificates from Pebble.

Let's Encrypt has also made significant progress implementing draft-07 in 
Boulder[4], the production Let's Encrypt CA software, but it is not yet ready 
for use by clients. This implementation does include key change and revocation 
but does **not** use pro-active issuance. I began a separate thread[5] for the 
order finalization approach that we have started to implement for Boulder. 
Pebble will be updated to use this issuance approach in place of pro-active 
issuance shortly.

Are there any other servers or clients out there that are speaking draft-07 
ACME and using order based issuance?

- Daniel / cpu

[0]: https://tools.ietf.org/html/draft-ietf-acme-acme-07
[1]: https://github.com/letsencrypt/pebble
[2]: https://github.com/letsencrypt/boulder/blob/e2cc6fbe682dd5d49da32c2357838b0cc831f10f/test/chisel2.py
[3]: https://github.com/shred/acme4j/tree/draft
[4]: https://github.com/letsencrypt/boulder
[5]: https://mailarchive.ietf.org/arch/msg/acme/DIjJEB06J5cFyuOlGPVcY2I51vg

_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
