All, This latest revision of the Node ID validation document has made both behavioral and editorial changes. The change to behavior and encodings (on both ACME and DTN channels) simplifies the logic for both server and client and also avoids a possible on-path impersonation method when a client account key thumbprint is known (from some other channel). Each of the two token parts and new ID value are now single purpose and more closely resemble the values in the email validation RFC 8823. The editorial changes are to add clarity to the DTN terms and uses. I believe all of thr comments received to date have been addressed. Thank you, Brian S.
On Mon, Jan 10, 2022, 23:24 <internet-dra...@ietf.org> wrote: > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the Automated Certificate Management > Environment WG of the IETF. > > Title : Automated Certificate Management Environment > (ACME) Delay-Tolerant Networking (DTN) Node ID Validation Extension > Author : Brian Sipos > Filename : draft-ietf-acme-dtnnodeid-08.txt > Pages : 30 > Date : 2022-01-10 > > Abstract: > This document specifies an extension to the Automated Certificate > Management Environment (ACME) protocol which allows an ACME server to > validate the Delay-Tolerant Networking (DTN) Node ID for an ACME > client. The DTN Node ID is encoded as a certificate Subject > Alternative Name (SAN) of type otherName with a name form of > BundleEID and as an ACME Identifier type "bundleEID". > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-acme-dtnnodeid/ > > There is also an HTML version available at: > https://www.ietf.org/archive/id/draft-ietf-acme-dtnnodeid-08.html > > A diff from the previous version is available at: > https://www.ietf.org/rfcdiff?url2=draft-ietf-acme-dtnnodeid-08 > > > Internet-Drafts are also available by rsync at rsync.ietf.org: > :internet-drafts > > > _______________________________________________ > Acme mailing list > Acme@ietf.org > https://www.ietf.org/mailman/listinfo/acme >
_______________________________________________ Acme mailing list Acme@ietf.org https://www.ietf.org/mailman/listinfo/acme