[cabf_validation] Fwd: [Acme] Protocol Action: 'ACME TLS ALPN Challenge Extension' to Proposed Standard (draft-ietf-acme-tls-alpn-07.txt)

Tim Hollebeek tim.hollebeek at digicert.com
Tue Oct 22 11:22:53 MST 2019


I agree with that.  We’ve waited this long; we might as well let it get a shiny new RFC number.

 

-Tim

 

From: Validation <validation-bounces at cabforum.org> On Behalf Of Jacob Hoffman-Andrews via Validation
Sent: Friday, October 18, 2019 1:49 PM
To: Wayne Thayer via Validation <validation at cabforum.org>
Subject: Re: [cabf_validation] Fwd: [Acme] Protocol Action: 'ACME TLS ALPN Challenge Extension' to Proposed Standard (draft-ietf-acme-tls-alpn-07.txt)

 

This still has a few steps to go through to become an RFC; I think it makes sense to wait for now.

 

On Thu, Oct 17, 2019 at 5:54 PM Wayne Thayer via Validation <validation at cabforum.org> wrote:

Should we go ahead now and replace method 10 with this?

 

- Wayne

 

---------- Forwarded message ---------
From: The IESG <iesg-secretary at ietf.org>
Date: Thu, Oct 17, 2019 at 12:32 PM
Subject: [Acme] Protocol Action: 'ACME TLS ALPN Challenge Extension' to Proposed Standard (draft-ietf-acme-tls-alpn-07.txt)
To: IETF-Announce <ietf-announce at ietf.org>
Cc: <rdd at cert.org>, <cpu at letsencrypt.org>, <acme at ietf.org>, <draft-ietf-acme-tls-alpn at ietf.org>, The IESG <iesg at ietf.org>, <acme-chairs at ietf.org>, <rfc-editor at rfc-editor.org>



The IESG has approved the following document:
- 'ACME TLS ALPN Challenge Extension'
  (draft-ietf-acme-tls-alpn-07.txt) as Proposed Standard

This document is the product of the Automated Certificate Management
Environment Working Group.

The IESG contact persons are Benjamin Kaduk and Roman Danyliw.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-acme-tls-alpn/





Technical Summary

The ACME-TLS-ALPN draft extends the Automatic Certificate Management Environment
(ACME) with a new domain validation challenge type (tls-alpn-01) that can be
performed at the TLS layer alone. This challenge type meets the need of users
(hosting providers, CDNs, etc) who wish to prove authorization of a DNS
identifier without modifying HTTP handling behaviour or updating DNS zone data.
This is the spiritual successor to the deprecated/removed TLS-SNI-01/02
challenge types from earlier ACME drafts.

Working Group Summary

There is WG consensus on the document.

Earlier drafts specified an id-pe-acmeIdentifier OID that was already assigned by
IANA. This has been addressed in the latest draft. The ASN.1 format of the
id-pe-acmeIdentifier was also both simplified (removing an unneeded subarc from
the OID) and clarified (to emphasize the SHA-256 digest value).

Document Quality

Let's Encrypt, a high-volume ACME based CA, has fully implemented the
tls-alpn-01 challenge type and has been issuing certificates in production using
this challenge type since July 12th, 2018. Multiple independent ACME clients
have implemented support for this challenge type.

The overall document quality is high. Developing an implementation based on the
specification text is reasonable. Interoperable client/server implementations
exist and are in use in a production setting.

Personnel

The document shepherd is Daniel McCarney.

The responsible area director is Roman Danyliw.

_______________________________________________
Acme mailing list
Acme at ietf.org
https://www.ietf.org/mailman/listinfo/acme

_______________________________________________
Validation mailing list
Validation at cabforum.org
https://cabforum.org/mailman/listinfo/validation
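
The Technical Summary above describes tls-alpn-01 only in outline. As an added example (not part of this thread or of the draft's text), the following sketches the checks a validating CA applies to a challenge response, using the ALPN identifier `acme-tls/1`, the id-pe-acmeIdentifier OID 1.3.6.1.5.5.7.1.31 and the key-authorization construction from the published specifications (RFC 8737, RFC 8555, RFC 7638). The function names, the shape of the `observed` dictionary and all sample values are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

ACME_TLS_ALPN = "acme-tls/1"                   # ALPN protocol id for the challenge
ID_PE_ACME_IDENTIFIER = "1.3.6.1.5.5.7.1.31"   # id-pe-acmeIdentifier OID

def jwk_thumbprint(jwk):
    """RFC 7638 thumbprint: SHA-256 over the required members, sorted, no whitespace."""
    required = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}[jwk["kty"]]
    canon = json.dumps({k: jwk[k] for k in required}, sort_keys=True, separators=(",", ":"))
    return base64.urlsafe_b64encode(hashlib.sha256(canon.encode()).digest()).rstrip(b"=").decode()

def key_authorization(token, account_jwk):
    return f"{token}.{jwk_thumbprint(account_jwk)}"

def acme_identifier_value(key_auth):
    """Extension content: DER OCTET STRING (tag 0x04, length 0x20) holding the SHA-256 digest."""
    return b"\x04\x20" + hashlib.sha256(key_auth.encode("ascii")).digest()

def validate_response(observed, domain, key_auth):
    """Return the reasons a tls-alpn-01 response fails (empty list means it passes)."""
    problems = []
    if observed.get("alpn") != ACME_TLS_ALPN:
        problems.append("server did not negotiate acme-tls/1")
    if [n.lower() for n in observed.get("san_dns", [])] != [domain.lower()]:
        problems.append("subjectAltName must contain only the domain being validated")
    ext = observed.get("extensions", {}).get(ID_PE_ACME_IDENTIFIER)
    if ext is None:
        problems.append("acmeIdentifier extension missing")
    elif not ext["critical"]:
        problems.append("acmeIdentifier extension not marked critical")
    elif not hmac.compare_digest(ext["value"], acme_identifier_value(key_auth)):
        problems.append("acmeIdentifier digest does not match key authorization")
    return problems

# Constructed sample data (hypothetical token and key material, not real values).
JWK = {"kty": "EC", "crv": "P-256", "x": "AAAA", "y": "BBBB"}
KEY_AUTH = key_authorization("constructed-token-123", JWK)
GOOD = {"alpn": ACME_TLS_ALPN, "san_dns": ["example.com"],
        "extensions": {ID_PE_ACME_IDENTIFIER: {"critical": True,
                                               "value": acme_identifier_value(KEY_AUTH)}}}
# A server that answers with its ordinary certificate and ALPN, without the extension.
ORDINARY = {"alpn": "http/1.1", "san_dns": ["example.com"], "extensions": {}}

if __name__ == "__main__":
    print(validate_response(GOOD, "example.com", KEY_AUTH))
    print(validate_response(ORDINARY, "example.com", KEY_AUTH))
```

A real validator would fill `observed` from the negotiated ALPN protocol and the parsed leaf certificate of a TLS connection opened with the domain as SNI.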
