I support WGLC for draft-ietf-acme-star-delegation. This draft together with RFC 8739 forms the core of the delegation method proposed in the draft https://tools.ietf.org/pdf/draft-ietf-cdni-interfaces-https-delegation-04.pdf of which I am the co-author.
I support this draft as it adds a mechanism allowing the owner of the identifier to retain control over the delegation and revoke it at any time by canceling the associated certificate renewal with the ACME CA. This capability is needed specifically in the CDNI use case (draft listed above) to allow an upstream entity (e.g. an upstream CDN) to revoke any delegation to a downstream entity (e.g. a downstream CDN).

Thank you
Sanjay

From: Acme [mailto:[email protected]] On Behalf Of Yoav Nir
Sent: Saturday, October 3, 2020 5:35 PM
To: IETF ACME <[email protected]>
Subject: [E] [Acme] WGLC on draft-ietf-acme-star-delegation

Hello all

This memo proposes a profile of the ACME protocol that allows the owner of an identifier (e.g., a domain name) to delegate to a third party access to a certificate associated with said identifier. A primary use case is that of a CDN (the third party) terminating TLS sessions on behalf of a content provider (the owner of a domain name). The presented mechanism allows the owner of the identifier to retain control over the delegation and revoke it at any time by cancelling the associated STAR certificate renewal with the ACME CA. Another key property of this mechanism is it does not require any modification to the deployed TLS ecosystem.

Having this document discussed in the working group for almost two years, the authors and chairs believe that this document is ready for working group last call. So this is to start a 2-week WGLC on this document. Please read the document and send comments to the list. Statements of support or opposition are also welcome, especially if accompanied by a technical explanation. Send the comments to the list by EOD Monday 19-Oct-2020.

Rich & Yoav
