Hi ACME WG,

We did a few more detailed updates to this draft to include specific examples. We also would like to get specific feedback from the ACME experts on the use of multiple challenges to address multiple certificate extensions. In the case of STIR, we have two extensions defined by RFC8226 and have defined two Authority tokens, the existing TNAuthList Authority token, and this draft defining JWTClaimConstraints Authority token. Will plan to review with the STIR WG as well, but certainly any feedback on how we address the example usage of multiple challenges would be very much appreciated.

Thanks!

-Chris

A new version of Internet-Draft draft-wendt-acme-authority-token-jwtclaimcon-03.txt has been successfully submitted by Chris Wendt and posted to the IETF repository.

Name: draft-wendt-acme-authority-token-jwtclaimcon
Revision: 03
Title: JWTClaimConstraints profile of ACME Authority Token
Date: 2025-07-07
Group: Individual Submission
Pages: 21
URL: https://www.ietf.org/archive/id/draft-wendt-acme-authority-token-jwtclaimcon-03.txt
Status: https://datatracker.ietf.org/doc/draft-wendt-acme-authority-token-jwtclaimcon/
HTMLized: https://datatracker.ietf.org/doc/html/draft-wendt-acme-authority-token-jwtclaimcon
Diff: https://author-tools.ietf.org/iddiff?url2=draft-wendt-acme-authority-token-jwtclaimcon-03

Abstract:

This document defines an authority token profile for handling the validation of JWTClaimConstraints and EnhancedJWTClaimConstraints. This profile follows the model established in Authority Token for the validation of TNAuthList but is specifically tailored for the JWTClaimConstraints certificate extensions. The profile enables validation and challenge processes necessary to support certificates containing both TNAuthList and JWTClaimConstraints, particularly in the context of Secure Telephone Identity (STI).

> On Jun 13, 2025, at 8:01 AM, Chris Wendt <[email protected]> wrote:
>
> Hi ACME WG,
>
> We have updated the draft related to STIR use of authority token specific to
> JWTClaimConstraints in ACME. I presented this at the last ACME IETF122
> meeting and got some support, but also presented it at the STIR WG meeting
> and got good support there and will continue to keep the experts in the STIR
> WG in the loop of this document.
>
> I would like to ask the working group to consider WG adoption. Like I
> mentioned, I think this is a straightforward profile document that is likely
> mostly complete for authority token and follows the same pattern as
> TNAuthList for the other RFC8226 defined certificate extension
> JWTClaimConstraints.
>
> Chairs, would appreciate your support for asking for Working Group adoption.
>
> Thanks!
>
> -Chris
>
>> Begin forwarded message:
>>
>> From: [email protected]
>> Subject: New Version Notification for draft-wendt-acme-authority-token-jwtclaimcon-01.txt
>> Date: June 13, 2025 at 8:38:08 AM EDT
>> To: "Chris Wendt" <[email protected]>, "David Hancock" <[email protected]>
>>
>> A new version of Internet-Draft
>> draft-wendt-acme-authority-token-jwtclaimcon-01.txt has been successfully
>> submitted by Chris Wendt and posted to the IETF repository.
>>
>> Name: draft-wendt-acme-authority-token-jwtclaimcon
>> Revision: 01
>> Title: JWTClaimConstraints profile of ACME Authority Token
>> Date: 2025-06-13
>> Group: Individual Submission
>> Pages: 16
>> URL: https://www.ietf.org/archive/id/draft-wendt-acme-authority-token-jwtclaimcon-01.txt
>> Status: https://datatracker.ietf.org/doc/draft-wendt-acme-authority-token-jwtclaimcon/
>> HTMLized: https://datatracker.ietf.org/doc/html/draft-wendt-acme-authority-token-jwtclaimcon
>> Diff: https://author-tools.ietf.org/iddiff?url2=draft-wendt-acme-authority-token-jwtclaimcon-01
>>
>> Abstract:
>>
>> This document defines an authority token profile for handling the
>> validation of JWTClaimConstraints and EnhancedJWTClaimConstraints.
>> This profile follows the model established in Authority Token for the
>> validation of TNAuthList but is specifically tailored for the
>> JWTClaimConstraints certificate extensions. The profile enables
>> validation and challenge processes necessary to support certificates
>> containing both TNAuthList and JWTClaimConstraints, particularly in
>> the context of Secure Telephone Identity (STI).
>>
>> The IETF Secretariat
>
> _______________________________________________
> Acme mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
