Reposting this to see if we can close the two open issues.
On 10/12/20, 4:25 AM, "Owen Friel (ofriel)" <[email protected]> wrote: This new draft addresses the comments that were raised back in August by Russ. It also explicitly lists in the Open Items https://tools.ietf.org/html/draft-friel-acme-subdomains-03#section-4 the two main open items that have been raised by Felipe and Ryan: 1. Does the client need a mechanism to indicate that they want to authz a parent domain and not the explicit subdomain identifier? Or a mechanism to indicate that they are happy to authz against a choice of identifiers? 2. Does the server need a mechanism to provide a choice of identifiers to the client and let the client chose which to fulfil? Both would require some JSON definition work. If we can't reach consensus on the mailer, we could discuss at IETF 109 Online. Cheers, Owen -----Original Message----- From: [email protected] <[email protected]> Sent: 09 October 2020 18:35 To: Richard Barnes <[email protected]>; Tim Hollebeek <[email protected]>; Owen Friel (ofriel) <[email protected]>; Michael Richardson <[email protected]> Subject: New Version Notification for draft-friel-acme-subdomains-03.txt A new version of I-D, draft-friel-acme-subdomains-03.txt has been successfully submitted by Owen Friel and posted to the IETF repository. Name: draft-friel-acme-subdomains Revision: 03 Title: ACME for Subdomains Document date: 2020-10-09 Group: Individual Submission Pages: 13 URL: https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_id_draft-2Dfriel-2Dacme-2Dsubdomains-2D03.txt&d=DwICAg&c=96ZbZZcaMF4w0F4jpN6LZg&r=4LM0GbR0h9Fvx86FtsKI-w&m=TvT7TDlUQ5gKnK6wZ-OXEwDofAYq7LINGqq4Q-XaRKU&s=BU6Y6_X7HUffuxdnapklOZeMRtGd0KkNPaAvb49LYKA&e= Status: https://urldefense.proofpoint.com/v2/url?u=https-3A__datatracker.ietf.org_doc_draft-2Dfriel-2Dacme-2Dsubdomains_&d=DwICAg&c=96ZbZZcaMF4w0F4jpN6LZg&r=4LM0GbR0h9Fvx86FtsKI-w&m=TvT7TDlUQ5gKnK6wZ-OXEwDofAYq7LINGqq4Q-XaRKU&s=nVKzeNyyg4s-D5rg2gvxxaqf3bhTy0szmVOHFSVe3pQ&e= Htmlized: https://urldefense.proofpoint.com/v2/url?u=https-3A__datatracker.ietf.org_doc_html_draft-2Dfriel-2Dacme-2Dsubdomains&d=DwICAg&c=96ZbZZcaMF4w0F4jpN6LZg&r=4LM0GbR0h9Fvx86FtsKI-w&m=TvT7TDlUQ5gKnK6wZ-OXEwDofAYq7LINGqq4Q-XaRKU&s=8Pobbb3L_ALZLAMgcmOGrA-gFJOU9BYqtf3W8wSukRQ&e= Htmlized: https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_draft-2Dfriel-2Dacme-2Dsubdomains-2D03&d=DwICAg&c=96ZbZZcaMF4w0F4jpN6LZg&r=4LM0GbR0h9Fvx86FtsKI-w&m=TvT7TDlUQ5gKnK6wZ-OXEwDofAYq7LINGqq4Q-XaRKU&s=c1L6LvA9uHzoce1HPiXM3fgOffVbmmoDhpzN_nu0cFE&e= Diff: https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_rfcdiff-3Furl2-3Ddraft-2Dfriel-2Dacme-2Dsubdomains-2D03&d=DwICAg&c=96ZbZZcaMF4w0F4jpN6LZg&r=4LM0GbR0h9Fvx86FtsKI-w&m=TvT7TDlUQ5gKnK6wZ-OXEwDofAYq7LINGqq4Q-XaRKU&s=iG7_buccTRbxl6J5pk_IvqgfgdIUPJH3J1GmYZ9bKaY&e= Abstract: This document outlines how ACME can be used by a client to obtain a certificate for a subdomain identifier from a certification authority. The client has fulfilled a challenge against a parent domain but does not need to fulfil a challenge against the explicit subdomain as certificate policy allows issuance of the subdomain certificate without explicit subdomain ownership proof. Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. The IETF Secretariat _______________________________________________ Acme mailing list [email protected] https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_acme&d=DwICAg&c=96ZbZZcaMF4w0F4jpN6LZg&r=4LM0GbR0h9Fvx86FtsKI-w&m=TvT7TDlUQ5gKnK6wZ-OXEwDofAYq7LINGqq4Q-XaRKU&s=ohK3nmt-JwvlYhgDVOMz6y80hA19HWsBGFGonK7XlHI&e= _______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
