[Acme] FW: New Version Notification for draft-ietf-acme-star-delegation-04.txt

Tue, 25 Aug 2020 05:28:58 -0700 

Dear ACME team,

We just submitted a major revision to this document. Summary of changes:

* Delegation of non-STAR certificates.
* More IANA clarity, specifically on certificate extensions.
* Add delegation configuration object and extend account and order objects 
accordingly.
* A lot more depth on Security Considerations.

Note: We consider delegation of regular (non-STAR) certificates a useful 
feature, but not a central use case. Therefore we kept most of the body of the 
spec focused on STAR certificates, with the changes for non-STAR certs listed 
in Sec. 2.4.

Thanks,
        Yaron

On 8/25/20, 15:20, "[email protected]" <[email protected]> wrote:


    A new version of I-D, draft-ietf-acme-star-delegation-04.txt
    has been successfully submitted by Yaron Sheffer and posted to the
    IETF repository.

    Name:               draft-ietf-acme-star-delegation
    Revision:   04
    Title:              An ACME Profile for Generating Delegated STAR 
Certificates
    Document date:      2020-08-25
    Group:              acme
    Pages:              33
    URL:            
https://www.ietf.org/internet-drafts/draft-ietf-acme-star-delegation-04.txt
    Status:         
https://datatracker.ietf.org/doc/draft-ietf-acme-star-delegation/
    Htmlized:       
https://tools.ietf.org/html/draft-ietf-acme-star-delegation-04
    Htmlized:       
https://datatracker.ietf.org/doc/html/draft-ietf-acme-star-delegation
    Diff:           
https://www.ietf.org/rfcdiff?url2=draft-ietf-acme-star-delegation-04

    Abstract:
       This memo proposes a profile of the ACME protocol that allows the
       owner of an identifier (e.g., a domain name) to delegate to a third
       party access to a certificate associated with said identifier.  A
       primary use case is that of a CDN (the third party) terminating TLS
       sessions on behalf of a content provider (the owner of a domain
       name).  The presented mechanism allows the owner of the identifier to
       retain control over the delegation and revoke it at any time by
       cancelling the associated STAR certificate renewal with the ACME CA.
       Another key property of this mechanism is it does not require any
       modification to the deployed TLS ecosystem.




    Please note that it may take a couple of minutes from the time of submission
    until the htmlized version and diff are available at tools.ietf.org.

    The IETF Secretariat




_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme

Reply via email to