Hi all,

Hope you've all recovered from IETF116, it was lovely seeing you all there.
Thanks to those who already gave me feedback on my draft.

As promised in my brief presentation at the WG meeting, here's my post
introducing my draft draft-misell-acme-onion
<https://datatracker.ietf.org/doc/draft-misell-acme-onion/> to ease
issuance of certificates to Tor hidden services.

DigiCert and HARICA already issue X.509 certificates to Tor hidden services,
but there is no automation whatsoever on this. From my discussions with the
Tor community this is something that bothers them, so I've taken to writing
this draft to hopefully address that.

The draft defines three ways of validation:
- http-01 over Tor
- tls-alpn-01 over Tor
- A new method onion-csr-01, where the CSR is signed by the key of the
  onion service

An explicit non-goal is to define validation methods not already approved
by the CA/BF; however, if someone can make a compelling argument for an
entirely novel method I wouldn't be entirely opposed to it.

Looking forward to your feedback, and some indication that this would be
worth adopting as a WG draft.

Thanks,
Q Misell
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme