I'm generally supportive of this, but one concern I do have, and I admit
I'm mostly just thinking aloud here, is that we are slowly accumulating a
larger and larger number of things that look like certificates, but aren't
due to people playing games with critical extensions.

I think we may come to regret using that trick so much.  Such schemes
are only one software bug away from having rather profound effects
on trust decisions and the entire ecosystem.

The trick is one of the more ugly parts of certificate transparency, and I 
would encourage people to think about whether it is possible to 
accomplish what this draft is trying to accomplish without repeating that 


> -----Original Message-----
> From: Acme [mailto:acme-boun...@ietf.org] On Behalf Of internet-
> dra...@ietf.org
> Sent: Friday, March 2, 2018 7:35 PM
> To: i-d-annou...@ietf.org
> Cc: acme@ietf.org
> Subject: [Acme] I-D Action: draft-ietf-acme-tls-alpn-00.txt
> A New Internet-Draft is available from the on-line Internet-Drafts
> This draft is a work item of the Automated Certificate Management
> Environment WG of the IETF.
>         Title           : ACME TLS ALPN Challenge Extension
>         Author          : Roland Bracewell Shoemaker
>       Filename        : draft-ietf-acme-tls-alpn-00.txt
>       Pages           : 7
>       Date            : 2018-03-02
> Abstract:
>    This document specifies a new challenge for the Automated Certificate
>    Management Environment (ACME) protocol which allows for domain
>    control validation using TLS.
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-acme-tls-alpn/
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-00
> https://datatracker.ietf.org/doc/html/draft-ietf-acme-tls-alpn-00
> Please note that it may take a couple of minutes from the time of
> until the htmlized version and diff are available at tools.ietf.org.
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> _______________________________________________
> Acme mailing list
> Acme@ietf.org
> https://www.ietf.org/mailman/listinfo/acme

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Acme mailing list

Reply via email to