Re: [Acme] Add a special token parameter in ACME registration

2016-08-16 Thread Andrew Ayer
On Tue, 16 Aug 2016 16:48:27 -0400 Richard Barnes wrote:
> There are two clearly separable problems here:
>
> 1. Associating an ACME account key to an account in some other system
> 2. Determining when to issue an EV certificate (and with what
> contents)
>
> Let's address them

Re: [Acme] Add a special token parameter in ACME registration

2016-08-16 Thread Andy Ligg
See below inline, thanks.
Regards,
Andy
> On 17 Aug 2016, at 00:11, Jacob Hoffman-Andrews wrote:
>
> On 08/16/2016 08:14 AM, Andy Ligg wrote:
>>> One possibility would be to make it the client's responsibility to request
>>> EV by including the desired O, OU, etc. fields in the

Re: [Acme] Add a special token parameter in ACME registration

2016-08-16 Thread Richard Barnes
On Tuesday, August 16, 2016, Martin Thomson wrote:
> On 17 August 2016 at 06:48, Richard Barnes wrote:
> > a. Infer the certificate type from the CSR. For example, if the Subject in
> > the CSR has (C, O, CN), infer that the applicant wants EV.
> > b.

Re: [Acme] Add a special token parameter in ACME registration

2016-08-16 Thread Martin Thomson
On 17 August 2016 at 06:48, Richard Barnes wrote:
> a. Infer the certificate type from the CSR. For example, if the Subject in
> the CSR has (C, O, CN), infer that the applicant wants EV.
> b. Have a field in the new-application request that the client can use to
> indicate what

Re: [Acme] Add a special token parameter in ACME registration

2016-08-16 Thread Richard Barnes
There are two clearly separable problems here:
1. Associating an ACME account key to an account in some other system
2. Determining when to issue an EV certificate (and with what contents)
Let's address them each separately. (Note that Andy filed https://github.com/ietf-wg-acme/acme/issues/170

Re: [Acme] Add a special token parameter in ACME registration

2016-08-16 Thread Andy Ligg
See below inline, thanks.
From: Jacob Hoffman-Andrews [mailto:j...@eff.org]
Sent: Tuesday, August 16, 2016 12:35 AM
To: J.C. Jones <jjo...@mozilla.com>; Andy Ligg <a...@startssl.com>
Cc: Acme@ietf.org
Subject: Re: [Acme] Add a special token parameter in ACME registration
One

Re: [Acme] Add a special token parameter in ACME registration

2016-08-16 Thread Andy Ligg
Subject: Re: [Acme] Add a special token parameter in ACME registration
Hi Andy, I'm not sure I follow exactly what the format of this token would be, or what message(s) in the protocol you'd like to add it to. Perhaps you can make some specific recommendations - even if they're tentative ex

Re: [Acme] Add a special token parameter in ACME registration

2016-08-15 Thread J.C. Jones
Hi Andy, I'm not sure I follow exactly what the format of this token would be, or what message(s) in the protocol you'd like to add it to. Perhaps you can make some specific recommendations - even if they're tentative examples - for the WG to look at and reason through? Thanks! J.C. On Sun, Aug

[Acme] Add a special token parameter in ACME registration

2016-08-14 Thread Andy Ligg
Hi all, StartCom plan to use ACME protocol for StartEncrypt, we need to identify the client's validation level, so the subscriber administration can generate a special token in the StartSSL.com account that send this token to the email address used in the ACME registration. At the