Hi Kathleen,

Thanks for inviting me to provide a review. I read the draft-ietf-acme-client-11 draft. The document extends the ACME protocol with 3 new challenges, such that ACME is applicable to issue client certificates. I think the contents have matured over many previous discussions.

Just one question: When looking at the workload service accounts use case, I noticed the GCloud documentation permits authenticating a workload using an external account credential from an external IDP <https://cloud.google.com/docs/authentication/application-default-credentials> or from a workload identity federation <https://cloud.google.com/iam/docs/workload-identity-federation-with-other-clouds> (a token or a credential configuration file). Do you have adaptability considerations on these methods? Or are they already covered by existing methods?

Overall I am very supportive of the document. I believe it is an important draft that completes the missing piece and I would like to see it proceed.

Best,
Peter

From: Kathleen Moriarty <kathleen.moriarty.i...@gmail.com>
Sent: Wednesday, May 28, 2025 10:42 PM
To: Liuchunchi(Peter) <liuchun...@huawei.com>
Subject: Fwd: [Acme] I-D Action: draft-ietf-acme-client-10.txt

Hello Peter!

Would you please review the updated draft version that adds 3 challenge types and provide feedback to the ACME list? If you are interested to see these 3 challenge types progress, it would be helpful to see that support voiced on list. It adds challenge types for PKI, WebAuthn/FIDO, and OTP.

Thank you!
Kathleen

---------- Forwarded message ---------
From: <internet-dra...@ietf.org>
Date: Wed, May 28, 2025 at 10:06 AM
Subject: [Acme] I-D Action: draft-ietf-acme-client-10.txt
To: <i-d-annou...@ietf.org>
Cc: <acme@ietf.org>

Internet-Draft draft-ietf-acme-client-10.txt is now available. It is a work item of the Automated Certificate Management Environment (ACME) WG of the IETF.

Title: ACME End User Client and Code Signing Certificates
Author: Kathleen M. Moriarty
Name: draft-ietf-acme-client-10.txt
Pages: 16
Dates: 2025-05-28

Abstract:

Automated Certificate Management Environment (ACME) core protocol addresses the use case of web server certificates for TLS. This document extends the ACME protocol to support service account authentication credentials, micro-service accounts credentials, device client, and code signing certificates and keys.

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-acme-client/

There is also an HTMLized version available at:
https://datatracker.ietf.org/doc/html/draft-ietf-acme-client-10

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-acme-client-10

Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts

_______________________________________________
Acme mailing list -- acme@ietf.org
To unsubscribe send an email to acme-le...@ietf.org

--
Best regards,
Kathleen