Hey folks, I wanted to give you an update that the current version of the draft <https://datatracker.ietf.org/doc/draft-ietf-acme-dns-account-label/00/> has been approved <https://cabforum.org/2025/01/28/ballot-sc084-dns-labeled-with-acme-account-id-validation-method/> as a validation method by the CA/B Forum. This validation method fills in one of the last gaps of being able to use ACME for certificate issuance in large-scale systems. This validation method allows the owner/manager of a domain name to delegate certificate issuance to more than one entity. This was a major blocker in adopting ACME for multi-cloud or multi-purpose (SMIME and WebPKI, for example) certificate issuance.
We’ve had some conversations here about this method, and other alternative methods of implementing it. These discussions have led to major changes and adjustments to this draft in the past few years. I am happy with where the draft is today. I think it addresses this major need, without bringing in additional complexity.

Given that this is now an approved validation method, I’m looking to solicit some final feedback around this validation method. Barring any major concerns and blockers, I would like to propose that the working group go ahead with progressing this draft to the next steps. It would be good to have this draft progress to the next step in preparation for IETF 123. This draft, by its nature, doesn’t seem to be controversial, so I want to also avoid the trap of “lack of commentary means lack of interest.”

I have one more update coming for this draft, both to change some affiliations and to extend the expiration of it in the data tracker.

Thank you all!
Amir
