This version of the draft addresses Russ's SecDir review - thank you Russ!
In addition it addresses Suresh's GenArt review which duplicated one of Russ's
comments.
Thanks,
Yaron
On 3/26/21, 14:26, "[email protected]" <[email protected]> wrote:
A new version of I-D, draft-ietf-acme-star-delegation-07.txt
has been successfully submitted by Yaron Sheffer and posted to the
IETF repository.
Name: draft-ietf-acme-star-delegation
Revision: 07
Title: An ACME Profile for Generating Delegated Certificates
Document date: 2021-03-26
Group: acme
Pages: 44
URL:
https://www.ietf.org/archive/id/draft-ietf-acme-star-delegation-07.txt
Status:
https://datatracker.ietf.org/doc/draft-ietf-acme-star-delegation/
Html:
https://www.ietf.org/archive/id/draft-ietf-acme-star-delegation-07.html
Htmlized:
https://tools.ietf.org/html/draft-ietf-acme-star-delegation-07
Diff:
https://www.ietf.org/rfcdiff?url2=draft-ietf-acme-star-delegation-07
Abstract:
This memo defines a profile of the Automatic Certificate Management
Environment (ACME) protocol by which the owner of an identifier
(e.g., a domain name) can allow a third party to obtain an X.509
certificate such that the certificate subject is the delegated
identifier while the certified public key corresponds to a private
key controlled by the third party. A primary use case is that of a
Content Delivery Network (CDN, the third party) terminating TLS
sessions on behalf of a content provider (the owner of a domain
name). The presented mechanism allows the owner of the identifier to
retain control over the delegation and revoke it at any time. A key
property of this mechanism is it does not require any modification to
the deployed TLS ecosystem.
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
The IETF Secretariat
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
