Hotspot 2.0 is behind a paywall: https://www.wi-fi.org/hotspot-20-release-2-technical-specification-package-v110
Russ On Apr 20, 2015, at 3:04 PM, Stephen Farrell wrote: > > Hiya, > > On 20/04/15 17:40, Russ Housley wrote: >> Stephen: >> >>>> I'm willing to assume that an attempt to replace things that >>>> people are using will meet with vigorous discussion. >>> >>> Right. People are using CMC, but not afaik when dealing with any >>> public CAs for getting certificates for public Internet services. I >>> think CMP has some similar but much smaller set of real uses. (*) >>> And I'm not sure if EST has gotten traction. SCEP has uses but >>> that's another kettle of cans of worms and fish;-) >>> >>> I think it would be better to have the vigorous discussion about >>> CMC vs.ACME-JSON-etc (if that's the one we need to have) before we >>> form the WG. But is that in fact the meat of your concern here? If >>> so, then I assume you'd be arguing for use of CMC/CRMF PDUs in ACME >>> messages. If not, I'm not back to being puzzled. Can you clarify? >> >> I was not concerned about CMC, CMP, or SCEP. My concern is around >> EST. The Hotspot spec points to it, and we should see if others are >> using it. > > (Do you have a ref for the hotspot spec? I don't know that one.) > > Anyway EST carries (a profile of) CMC messages [1] doesn't it? So > aren't we really asking about use of CMC-defined, ASN.1 encoded > payloads here after all? > > In case it helps, I think (open to correction of course) that everyone > would be fine with re-using and not duplicating PKCS#10, at least for > RSA, since that is what is well supported by well deployed code. And > that seems to be in the current ACME draft. [2] So I think we're mostly > talking about the bits and pieces of CMC/CRMF that go beyond PKCS#10 - > and it's those that are afaik unused and where we oughtn't be fussed > about duplicating (should that be what the WG wants). > > I do agree that we might want to think some more if there's significant > deployment of EST somewhere relevant, or if a good argument that that's > highly likely can be made. > > I also agree that asking the question "why isn't EST good enough" is > totally valid, and that it'd be great if someone would summarise the > earlier thread on that. [3] > > Cheers, > S. > > [1] https://tools.ietf.org/html/rfc7030#section-3 > [2] https://tools.ietf.org/html/draft-barnes-acme-01#section-4 > [3] https://www.ietf.org/mail-archive/web/acme/current/msg00003.html > > > >> >> Russ >> >> _______________________________________________ Acme mailing list >> [email protected] https://www.ietf.org/mailman/listinfo/acme >> _______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
