I'm generally supportive of this, but one concern I do have, and I admit I'm mostly just thinking aloud here, is that we are slowly accumulating a larger and larger number of things that look like certificates, but aren't due to people playing games with critical extensions.
I think we may come to regret using that trick so much. Such schemes are only one software bug away from having rather profound effects on trust decisions and the entire ecosystem. The trick is one of the more ugly parts of certificate transparency, and I would encourage people to think about whether it is possible to accomplish what this draft is trying to accomplish without repeating that mistake. -Tim > -----Original Message----- > From: Acme [mailto:acme-boun...@ietf.org] On Behalf Of internet- > dra...@ietf.org > Sent: Friday, March 2, 2018 7:35 PM > To: i-d-annou...@ietf.org > Cc: firstname.lastname@example.org > Subject: [Acme] I-D Action: draft-ietf-acme-tls-alpn-00.txt > > > A New Internet-Draft is available from the on-line Internet-Drafts directories. > This draft is a work item of the Automated Certificate Management > Environment WG of the IETF. > > Title : ACME TLS ALPN Challenge Extension > Author : Roland Bracewell Shoemaker > Filename : draft-ietf-acme-tls-alpn-00.txt > Pages : 7 > Date : 2018-03-02 > > Abstract: > This document specifies a new challenge for the Automated Certificate > Management Environment (ACME) protocol which allows for domain > control validation using TLS. > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-acme-tls-alpn/ > > There are also htmlized versions available at: > https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-00 > https://datatracker.ietf.org/doc/html/draft-ietf-acme-tls-alpn-00 > > > Please note that it may take a couple of minutes from the time of submission > until the htmlized version and diff are available at tools.ietf.org. > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > _______________________________________________ > Acme mailing list > Acme@ietf.org > https://www.ietf.org/mailman/listinfo/acme
Description: S/MIME cryptographic signature
_______________________________________________ Acme mailing list Acme@ietf.org https://www.ietf.org/mailman/listinfo/acme