Hi Chris, Oh right. This was the draft with the STIR tie-in. I think this proves the point why people need to reply to the call-for-adoption thread, and not rely on my memory. (remember also that I was only at half the last f2f due to scheduling conflicts, so I don't think I was actually there for your presentation). I see some discussion in the 123 minutes, but it's pretty light on "consensus for adoption". https://datatracker.ietf.org/doc/minutes-123-acme/
Ok. I am willing to extend the call for adoption period. Can you please write up a description of the STIR tie-in, and post that to this thread? Since you are requesting that this document be Standards Track (rather than Informational), I will be most interested in people who are committed to implement this draft and do inter-op testing. On Fri, 26 Sept 2025 at 17:47, Chris Wendt <[email protected]> wrote: > Hi Mike, > > Just a reminder that I do recall at least a few folks that spoke up in the > f2f meeting giving support that were visiting from the Stir WG that would > be the primary audience and may not be on the ACME list. Would that count > towards consensus, I would hope? > > -Chris > > On Sep 26, 2025, at 11:08 AM, Mike Ounsworth <[email protected]> > wrote: > > > Hello ACME! > > The Call for Adoption > for draft-wendt-acme-authority-token-jwtclaimcon closed on 2025-09-22. > Despite MCR's positive review, one comment does not constitute working > group consensus. I am going to leave this document in datatracker in the > state Candidate For Adoption. I encourage the authors to present at the > ACME session it IETF 124 with the goal of drumming up more interest in this > draft, particularly from implementers. > > On Wed, 10 Sept 2025 at 16:14, Michael Richardson <[email protected]> > wrote: > >> >> I read acme-authority-token-jwtclaimcon-03. >> I was led into reviewing RFC8225, and RFC8226. >> The document seems well formed and very complete, and I think it could >> rapidly go to WGLC. >> >> I found the explanation around token-authority in section 4 a bit hard to >> understand. I was in "smile and nod" mode. I think those who know will >> know, but reviewers might balk. I'm rather unclear what the ACME client >> will >> do with this. I thought I understood RFC9447 well enough already, but >> clearly I don't. >> >> More consistent indenting of the JSON/JWT would be appreciated, such as >> the >> POST in section 4. >> >> I think that the "url" attribute in the Authorization object is the >> identical >> prV_B... as from RFC8555. That's not wrong, it's just an example...., >> but I >> worry that someone will think they need to be the same, and I think that >> in >> real life they need to be different. So make up a new random URL. >> >> I hadn't realized that these STIR PKIX certificates had JWT in an >> extension! >> Is this new? Is this why this document exists? >> >> Is the account id mentioned in section 5.2 related to the ACME Account? >> I think not. >> >> Should section 5.2 mention returning the response to the ACME server at >> the >> challenge URL? >> >> }5.5. ACME Challenges requiring multiple Authority Tokens >> } >> } The ACME new-order request may include multiple identifiers, each of >> } which is authorized separately. With the introduction of this >> } specification, for STIR certificates [RFC8226] two identifier types >> } are authorized using Authority Tokens: >> >> I read the document to understand how this document was >> dealing/documenting >> multiple identities, as ACME-RATS needs/wants to do the same. >> >> Please include the DER for the examples in section 5.5.1.1 and 5.5.1.2. >> UTF8String '"nam": "James Bond"' >> >> The use of ' and " quotes here was confusing to me at first scan. >> I think that inner parts are actually JSON? >> >> Section 5.5.2 has "sti-ca.com" rathere than example.com. >> >> Who will be implementing this? >> >> -- >> Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting >> ) >> Sandelman Software Works Inc, Ottawa and Worldwide >> > _______________________________________________ > Acme mailing list -- [email protected] > To unsubscribe send an email to [email protected] > >
_______________________________________________ Acme mailing list -- [email protected] To unsubscribe send an email to [email protected]
