The authorization system in ACME includes a number of different challenges.

dns-01 and http-01 establish control over a name, bp-nodeid is a different kind of name (I didn't understand the nature of this beast, so I can't name it).

Abandoned draft-ietf-acme-telephone-01 authorizes telephone numbers.

onion has special considerations, but is still a name, just not a DNS resolvable name.

Abandoned draft-ietf-acme-email-tls-05 authorizes an SMTP endpoint via DNS name. The mechanism is different, but essentially, it's still a name.

RFC 8823 authorizes USER@FQDNs using an email-based challenge.

As I repeated several times at the mic at last week's meeting, the ideas in draft-liu-acme-rats-00 are not challenges, and do not relate directly to authorization.

In the slides, in particular, slide 8, the term: "device-attest-02 ACME challenge" was used, and this was unfortunate, because I think it confuses things.

This device attestation could be used with ANY of the authorizations above. In effect, we need a new term here. (Yes, this is a bikeshed request)

--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =- *I*LIKE*TRAINS*
_______________________________________________
Acme mailing list -- acme@ietf.org
To unsubscribe send an email to acme-le...@ietf.org