(with my personal hat on) I don’t claim to be a great expert on Tor. That said, if this draft is the straightforward ACME extension to implement CA/B F BR 1.8.6 Appdx B, then I support adoption.
That discussion of why a CA would or would not implement this draft begs the next question: are there CA operators with an intent to implement this draft? Basically, is there running code?

---
Mike Ounsworth

From: Acme <[email protected]> On Behalf Of Aaron Gable
Sent: Friday, June 9, 2023 11:56 AM
To: Deb Cooley <[email protected]>
Cc: IETF ACME <[email protected]>
Subject: [EXTERNAL] Re: [Acme] Call for adoption of draft-misell-acme-onion-02

Hi all,

I support the draft for adoption. Specifically, I think it's a good thing to standardize the onion-csr-01 challenge type.

I have two classes of comments that I look forward to discussing in-depth after adoption:

1) Obviously it's valuable for this draft to standardize a method that is already accepted by the CA/BF. But in the long term there's no need to use a CSR as the transport mechanism for a random token, a public key, and a signature -- moving away from x509 for this would be nice in the long term. Probably out-of-scope for this document, but worth discussing.

2) The primary benefit of the onion-csr-01 method is that it allows the CA to perform domain control validation without operating a Tor client. However, this benefit is obviated entirely by the need to operate a Tor client to check for CAA in the hidden service descriptor. It seems likely that there are CAs which have avoided implementing HTTP-01 and TLS-ALPN-01 for .onion due to the need to operate a Tor client; these same CAs may have been willing to implement ONION-CSR-01, but now will not due to the CAA mechanism.

Thanks,
Aaron

On Sun, Jun 4, 2023 at 4:07 AM Deb Cooley <[email protected]> wrote:

This will be a two week call for adoption ending on 16 June. Please speak up either for or against adopting this draft.
Thanks,
Deb

_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
