Hello all

This memo proposes a profile of the ACME protocol that allows the owner of an identifier (e.g., a domain name) to delegate to a third party access to a certificate associated with said identifier. A primary use case is that of a CDN (the third party) terminating TLS sessions on behalf of a content provider (the owner of a domain name). The presented mechanism allows the owner of the identifier to retain control over the delegation and revoke it at any time by cancelling the associated STAR certificate renewal with the ACME CA. Another key property of this mechanism is it does not require any modification to the deployed TLS ecosystem.

Having this document discussed in the working group for almost two years, the authors and chairs believe that this document is ready for working group last call.

So this is to start a 2-week WGLC on this document. Please read the document and send comments to the list. Statements of support or opposition are also welcome, especially if accompanied by a technical explanation. Send the comments to the list by EOD Monday 19-Oct-2020.

Rich & Yoav
