After some research I found https://datatracker.ietf.org/doc/draft-ietf-acme-client/ which almost fills the bill. What would the preferred procedure be, including challenge?
Attestations like offered by FIDO is not a part of ACME, right? thanx, Anders On 2021-10-11 9:03, Anders Rundgren wrote:
Dear ACME experts, I haven't kept track of ACME so please pardon my somewhat naive question: In Open Banking, service providers (TPPs) are equipped with TLS client certificates as well as signature certificates. Currently the certificates (including associated private keys), are distributed by the CA as encrypted files. This makes updates fairly difficult and not entirely compatible with the highly regulated nature of these providers. Question: does ACME support this scenario? thanx, Anders
_______________________________________________ Acme mailing list Acme@ietf.org https://www.ietf.org/mailman/listinfo/acme