Hi ACME WG,

Here's the material I intended to present regarding my ACME Profiles draft at IETF 121. My slides are attached.

I have published draft-aaron-acme-profiles-00 <https://datatracker.ietf.org/doc/draft-aaron-acme-profiles/>, the first draft of my proposal for incorporating "profile selection" into the ACME protocol, as I proposed at IETF 120.

Concretely, the draft does four things:

- establishes a new "profiles" field within the Directory's "meta" object, which allows the server to advertise the profiles that clients can select;
- establishes a new "profile" field on Order objects, which allows clients to request a profile when making a new-order request and allows servers to display the profile associated with an order;
- sets rules for when and how clients should request profiles, and when and how servers should accept or reject such requests; and
- establishes a new "invalidProfile" error to facilitate the rejection of invalid requests.

This draft is implemented by both the Boulder and Pebble ACME server implementations, with the exception of the "invalidProfile" error type. The code supporting profile selection is deployed in Let's Encrypt's environments, but the functionality is gated behind a feature flag which has not yet been enabled. I have locally augmented clients to support requesting profiles, but have not yet upstreamed such changes to open-source ACME client projects.

I'm not yet asking for working group adoption, but I would like to kick off a first round of edits, suggestions, and feedback.

Thanks!
Aaron
ACME WG IETF 121 2024-11-06 Profiles.pdf
_______________________________________________ Acme mailing list -- acme@ietf.org To unsubscribe send an email to acme-le...@ietf.org
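
An added illustration of the server-side check the message describes (not code from the draft, Boulder, or Pebble): a new-order request's "profile" is accepted only if it appears in the Directory's advertised "profiles", otherwise an "invalidProfile" problem is returned. It assumes "profiles" is a JSON object mapping profile names to descriptions, that the error type lives in RFC 8555's `urn:ietf:params:acme:error:` namespace, and that an order without a profile gets a server default; `ResolveProfile` and the profile names are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Meta mirrors the Directory "meta" object. Assumption: "profiles" maps
// each advertised profile name to a human-readable description.
type Meta struct {
	Profiles map[string]string `json:"profiles,omitempty"`
}

// NewOrder holds the one new-order field this check cares about.
type NewOrder struct {
	Profile string `json:"profile,omitempty"`
}

// Problem is a minimal RFC 7807 problem document, as ACME uses for errors.
type Problem struct {
	Type   string `json:"type"`
	Detail string `json:"detail"`
}

const acmeErr = "urn:ietf:params:acme:error:" // RFC 8555 error namespace

// ResolveProfile (hypothetical helper) returns the profile an order will be
// issued under, or a problem document if the request must be rejected.
// Only names present in meta.Profiles are ever accepted from the client.
func ResolveProfile(meta Meta, body []byte, def string) (string, *Problem) {
	var req NewOrder
	if err := json.Unmarshal(body, &req); err != nil {
		return "", &Problem{acmeErr + "malformed", "unparseable new-order body"}
	}
	if req.Profile == "" {
		return def, nil // assumption: server applies its own default
	}
	if _, ok := meta.Profiles[req.Profile]; !ok {
		return "", &Problem{acmeErr + "invalidProfile",
			fmt.Sprintf("profile %q is not advertised by this server", req.Profile)}
	}
	return req.Profile, nil
}

func main() {
	// Constructed sample data: profile names are placeholders.
	meta := Meta{Profiles: map[string]string{"example-default": "d1", "example-short": "d2"}}
	body := []byte(`{"identifiers":[{"type":"dns","value":"example.com"}],"profile":"example-short"}`)
	p, prob := ResolveProfile(meta, body, "example-default")
	fmt.Println(p, prob)
}
```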