Hello Kathleen,

I reviewed this draft again, I think it is better to add a section for document signing certificate, not just mention it in the head.
CA/B Forum doesn’t have document signing certificate BR now that I am pushing this, it is very helpful in IETF WG to push this in ACME for document signing certificate, then all type certificates will support ACME, not just SSL/TLS certificate.
Thanks.

Best Regards

Richard Wang

From: Kathleen Moriarty <kathleen.moriarty.i...@gmail.com>
Sent: Sunday, June 1, 2025 10:58 PM
To: rich...@zotrus.com
Cc: acme@ietf.org; i-d-annou...@ietf.org
Subject: [Acme] Re: I-D Action: draft-ietf-acme-client-10.txt

Hello Richard,

I've changed the following text in the 2nd paragraph of the introduction in my working copy:

The core ACME protocol defined challenge types specific to web server certificates with the possibility to create extensions, or additional challenge types for other use cases and certificate types. Client certificates, such as end user, digital signature, and service authentication also benefit from automated management to ease the deployment and maintenance of these certificate types, thus the definition of this extension defining challenge types for end users and service accounts (e.g. cloud native containers, microservices). Use cases for digital signatures are increasingly becoming foundational for integrity protection, origin authentication and data provenance including the following that may benefit from automating the certificate and key management for functions such as code signing, document signing (e.g. PDF), and format signing (e.g. JWT, SPDX).

Please let me know if this addresses your request.

Thank you,
Kathleen

On Sun, Jun 1, 2025 at 6:07 AM Kathleen Moriarty <kathleen.moriarty.i...@gmail.com> wrote:

Sent from my mobile device

> On May 31, 2025, at 11:21 PM, rich...@zotrus.com wrote:
>
> This is a great move for client certificate (except S/MIME certificate) and
> code signing certificate.
> I suggest adding Document signing certificate ACME support.
> Adobe required the document signing certificate must be securely stored in
> HSM like code signing certificate, so we can use the same challenge types
> here to document signing certificate, just need to add the statement that it
> is applicable to Document Signing certificate.
> Thanks.
>

Thank you for the feedback and support, Richard. I’ll add that into the text. Challenge types and certificate type are decoupled since you specify the certificate type in the CSR, so this is an easy informational addition.

Best regards,
Kathleen

> Richard Wang
>
> -----Original Message-----
> From: internet-dra...@ietf.org <internet-dra...@ietf.org>
> Sent: Wednesday, May 28, 2025 10:05 PM
> To: i-d-annou...@ietf.org
> Cc: acme@ietf.org
> Subject: [Acme] I-D Action: draft-ietf-acme-client-10.txt
>
> Internet-Draft draft-ietf-acme-client-10.txt is now available. It is a work
> item of the Automated Certificate Management Environment (ACME) WG of the
> IETF.
>
>    Title:   ACME End User Client and Code Signing Certificates
>    Author:  Kathleen M. Moriarty
>    Name:    draft-ietf-acme-client-10.txt
>    Pages:   16
>    Dates:   2025-05-28
>
> Abstract:
>
>    Automated Certificate Management Environment (ACME) core protocol
>    addresses the use case of web server certificates for TLS.
>    This document extends the ACME protocol to support service account
>    authentication credentials, micro-service accounts credentials,
>    device client, and code signing certificates and keys.
>
> The IETF datatracker status page for this Internet-Draft is:
> https://datatracker.ietf.org/doc/draft-ietf-acme-client/
>
> There is also an HTMLized version available at:
> https://datatracker.ietf.org/doc/html/draft-ietf-acme-client-10
>
> A diff from the previous version is available at:
> https://author-tools.ietf.org/iddiff?url2=draft-ietf-acme-client-10
>
> Internet-Drafts are also available by rsync at:
> rsync.ietf.org::internet-drafts
>
>
> _______________________________________________
> Acme mailing list -- acme@ietf.org
> To unsubscribe send an email to acme-le...@ietf.org

--

Best regards,
Kathleen