Salz, Rich <[email protected]> wrote:
> Have you looked at what cloud providers do?
Yes. Perhaps you saw the references to "cloud-init", which has more than a handful of different ways of getting data from the virtualization environment into the VM: virtual CD-ROMs, magic variables, http://169.254.254.254/ URLs, etc. As far as I can tell, none of them provide for a *certificate* suitable for TLS to be returned. There is no (de-facto) standard way to do ACME or EST or CMP via some channel. I'd love to be wrong.

For some cloud environments, where port 443 (and 80 perhaps) is intended to be open, I can see a mediated ACME process with the http-01 challenge, given that the cloud provider knows a URL at which the VM will be accessible.

I can also see a scenario where a cloud provider could inject an IDevID into the VM, and operate an RFC 8995 (BRSKI) MASA, but AFAIK, nobody is doing that. {The VM *owner* would run the Registrar}

--
Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
