[Acme] Fwd: New Version Notification for draft-sheffer-acme-star-delegation-01.txt

Tue, 13 Nov 2018 12:44:21 -0800

We submitted a new version of this document, the second one we discussed in Bangkok. The only change is the addition of a Security Considerations section that explains how the CDN can be prevented from issuing certificates for the delegated domain. 

Thanks,
        Yaron


-------- Forwarded Message --------
Subject: New Version Notification for draft-sheffer-acme-star-delegation-01.txt 
Date: Tue, 13 Nov 2018 12:39:45 -0800
From: internet-dra...@ietf.org
To: Yaron Sheffer <yaronf.i...@gmail.com>, Thomas Fossati <thomas.foss...@nokia.com>, Antonio Agustin Pastor Perales <antonio.pastorpera...@telefonica.com>, Antonio Pastor <antonio.pastorpera...@telefonica.com>, Diego Lopez <diego.r.lo...@telefonica.com> 


A new version of I-D, draft-sheffer-acme-star-delegation-01.txt
has been successfully submitted by Yaron Sheffer and posted to the
IETF repository.

Name:           draft-sheffer-acme-star-delegation
Revision:       01
Title:          An ACME Profile for Generating Delegated STAR Certificates
Document date:  2018-11-13
Group:          Individual Submission
Pages:          13
URL: https://www.ietf.org/internet-drafts/draft-sheffer-acme-star-delegation-01.txt Status: https://datatracker.ietf.org/doc/draft-sheffer-acme-star-delegation/ Htmlized: https://tools.ietf.org/html/draft-sheffer-acme-star-delegation-01 Htmlized: https://datatracker.ietf.org/doc/html/draft-sheffer-acme-star-delegation Diff: https://www.ietf.org/rfcdiff?url2=draft-sheffer-acme-star-delegation-01 

Abstract:
   This memo proposes a profile of the ACME protocol that allows the
   owner of an identifier (e.g., a domain name) to delegate to a third
   party access to a certificate associated with said identifier.  A
   primary use case is that of a CDN (the third party) terminating TLS
   sessions on behalf of a content provider (the owner of a domain
   name).  The presented mechanism allows the owner of the identifier to
   retain control over the delegation and revoke it at any time by
   cancelling the associated STAR certificate renewal with the ACME CA.
   Another key property of this mechanism is it does not require any
   modification to the deployed TLS ecosystem.




Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat

_______________________________________________
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme

Reply via email to