On Tue, Nov 18, 2014 at 9:07 AM, Michael Richardson <[email protected]> wrote:
>
> Joseph Lorenzo Hall <[email protected]> wrote:
> > Let's Encrypt will employ a number of new technologies to manage
> > secure automated verification of domains and issuance of certificates.
> > We will use a protocol we're developing called ACME between web
> > servers and the CA, which includes support for new and stronger forms
> > of domain validation. We will also employ Internet-wide datasets of
>
> This is exciting; any interaction with cacert.org?
> So, some kind of online certificate enrollment.
> What protocols? What open source?
>

Here's what we have so far:

Protocol:
https://github.com/letsencrypt/acme-spec

Demo Implementations:
https://github.com/letsencrypt/node-acme
https://github.com/letsencrypt/lets-encrypt-preview

Obviously, this is a first cut, and will benefit a lot from more eyes.
(AGL already pointed out something I should have caught in the first
round.) This will be coming to the IETF Real Soon Now.

I actually think there's a fair bit of momentum around automating
certificate management, even from commercial CAs. I can't imagine that
Cloudflare is doing TLS on 2M sites without some degree of automation to
their cert management.

> I don't think this is going to help eliminate the invalid
> certificates that seem inevitable from things like ILOMs/iDRAC/etc. because
> the https interface to the service processor never knows what zone it will
> use. I'd love to find a way for such appliance uses of HTTPS to come
> up secure in some way.
>

I would be interested in that as well, since those things are a major
source of cert validation bugs. Any ideas for what the authentication
would be? Or maybe there's no meaningful authentication here, and it's a
use case for HTTP over unauthenticated TLS.

--Richard

> --
> Michael Richardson <[email protected]>, Sandelman Software Works
> -= IPv6 IoT consulting =-
>
> _______________________________________________
> perpass mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/perpass
>
