We submitted a new version of this document, the second one we discussed
in Bangkok. The only change is the addition of a Security Considerations
section that explains how the CDN can be prevented from issuing
certificates for the delegated domain.
Thanks,
Yaron
-------- Forwarded Message --------
Subject: New Version Notification for
draft-sheffer-acme-star-delegation-01.txt
Date: Tue, 13 Nov 2018 12:39:45 -0800
From: internet-dra...@ietf.org
To: Yaron Sheffer <yaronf.i...@gmail.com>, Thomas Fossati
<thomas.foss...@nokia.com>, Antonio Agustin Pastor Perales
<antonio.pastorpera...@telefonica.com>, Antonio Pastor
<antonio.pastorpera...@telefonica.com>, Diego Lopez
<diego.r.lo...@telefonica.com>
A new version of I-D, draft-sheffer-acme-star-delegation-01.txt
has been successfully submitted by Yaron Sheffer and posted to the
IETF repository.
Name: draft-sheffer-acme-star-delegation
Revision: 01
Title: An ACME Profile for Generating Delegated STAR Certificates
Document date: 2018-11-13
Group: Individual Submission
Pages: 13
URL:
https://www.ietf.org/internet-drafts/draft-sheffer-acme-star-delegation-01.txt
Status:
https://datatracker.ietf.org/doc/draft-sheffer-acme-star-delegation/
Htmlized:
https://tools.ietf.org/html/draft-sheffer-acme-star-delegation-01
Htmlized:
https://datatracker.ietf.org/doc/html/draft-sheffer-acme-star-delegation
Diff:
https://www.ietf.org/rfcdiff?url2=draft-sheffer-acme-star-delegation-01
Abstract:
This memo proposes a profile of the ACME protocol that allows the
owner of an identifier (e.g., a domain name) to delegate to a third
party access to a certificate associated with said identifier. A
primary use case is that of a CDN (the third party) terminating TLS
sessions on behalf of a content provider (the owner of a domain
name). The presented mechanism allows the owner of the identifier to
retain control over the delegation and revoke it at any time by
cancelling the associated STAR certificate renewal with the ACME CA.
Another key property of this mechanism is it does not require any
modification to the deployed TLS ecosystem.
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
The IETF Secretariat
_______________________________________________
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme