It appears to me what you're trying to achieve is binding an IdP to an ACME client. EAB can bind an ACME account key to *something*, this could well be an IdP.
As the ACME request is then signed with the account key, that in turn binds the request to the account in your IdP.

------------------------------

Any statements contained in this email are personal to the author and are not necessarily the statements of the company unless specifically stated. AS207960 Cyfyngedig, having a registered office at 13 Pen-y-lan Terrace, Caerdydd, Cymru, CF23 9EU, trading as Glauca Digital, is a company registered in Wales under № 12417574 <https://find-and-update.company-information.service.gov.uk/company/12417574>, LEI 875500FXNCJPAPF3PD10. ICO register №: ZA782876 <https://ico.org.uk/ESDWebPages/Entry/ZA782876>. UK VAT №: GB378323867. EU VAT №: EU372013983. Turkish VAT №: 0861333524. South Korean VAT №: 522-80-03080. AS207960 Ewrop OÜ, having a registered office at Lääne-Viru maakond, Tapa vald, Porkuni küla, Lossi tn 1, 46001, trading as Glauca Digital, is a company registered in Estonia under № 16755226. Estonian VAT №: EE102625532. Glauca Digital and the Glauca logo are registered trademarks in the UK, under № UK00003718474 and № UK00003718468, respectively.

On Mon, 2 Dec 2024 at 10:11, Xialiang(Frank, IP Security Standard) <frank.xiali...@huawei.com> wrote:

> Hi Q,
> My point is not a conclusion, is just an observation/fact from current
> ACME standards, like you gave me the reference "7.3.4 of RFC8555". If I am
> wrong, please tell me.
>
> If you think EAB can do more, I am very happy to know more details~~
>
> B.R.
> Frank
>
> -----Original Message-----
> From: Q Misell <q...@as207960.net>
> Sent: 2 December 2024 17:02
> To: Xialiang(Frank, IP Security Standard) <frank.xialiang=40huawei....@dmarc.ietf.org>
> Cc: Richard Barnes <r...@ipv.sx>; Aaron Gable <aa...@letsencrypt.org>; Mike Ounsworth <mike.ounswo...@entrust.com>; IETF ACME <acme@ietf.org>; draft-geng-acme-public-key.auth...@ietf.org
> Subject: Re: [Acme] Reply: Re: Reply: [EXTERNAL] Re: Introducing a new draft about adding a new ACME challenge type: public key challenge
>
> I don't see why EAB can't be used to link to an identity - perhaps you
> could elaborate?
>
> On Mon, 2 Dec 2024 at 03:12, Xialiang(Frank, IP Security Standard)
> <frank.xialiang=40huawei....@dmarc.ietf.org> wrote:
>
> > No, my point is ACME EAB is only about account authenticity, but not
> > about identity and certificate.
> >
> > *From:* Q Misell <q=40as207960....@dmarc.ietf.org>
> > *Sent:* 29 November 2024 23:07
> > *To:* Xialiang(Frank, IP Security Standard) <frank.xiali...@huawei.com>
> > *Cc:* Richard Barnes <r...@ipv.sx>; Aaron Gable <aa...@letsencrypt.org>; Mike Ounsworth <mike.ounswo...@entrust.com>; IETF ACME <acme@ietf.org>; draft-geng-acme-public-key.auth...@ietf.org
> > *Subject:* Re: [Acme] Reply: Re: Reply: [EXTERNAL] Re: Introducing a new draft about adding a new ACME challenge type: public key challenge
> >
> > ACME EAB actually has no restrictions on its use. It might be used to
> > link to a financial account for billing purposes, or could be used to
> > link to an identity account as you desire.
> >
> > On Thu, 28 Nov 2024 at 03:31, Xialiang(Frank, IP Security Standard)
> > <frank.xialiang=40huawei....@dmarc.ietf.org> wrote:
> >
> > Hi Q,
> >
> > Thanks for your pointing out the reference, I have read this section
> > and found that it (external account binding) is another thing about
> > account authenticity and performed in the ACME “Account Management”
> > phase, different from what our draft proposed about public key
> > authenticity and performed in the “Identifier Validation Challenges” phase
_______________________________________________
Acme mailing list -- acme@ietf.org
To unsubscribe send an email to acme-le...@ietf.org
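
The binding discussed at the top of this thread, as an added example that is not part of the original e-mails or of any ACME implementation: a sketch of the external account binding JWS from RFC 8555 section 7.3.4, with the CA-side checks that tie the account key to an identity. The function names, the `IDP_KEYS` table mapping a key identifier to an IdP subject, the URL, the MAC key and the JWK values are all assumptions constructed for illustration, and verification of the outer newAccount JWS is assumed to have happened already.

```python
import base64, hashlib, hmac, json

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_eab(account_jwk: dict, kid: str, mac_key: bytes, url: str) -> dict:
    """Client side: MAC the ACME account public key with the key the CA issued."""
    protected = b64u(json.dumps({"alg": "HS256", "kid": kid, "url": url}).encode())
    payload = b64u(json.dumps(account_jwk).encode())
    tag = hmac.new(mac_key, f"{protected}.{payload}".encode(), hashlib.sha256).digest()
    return {"protected": protected, "payload": payload, "signature": b64u(tag)}

def verify_eab(eab: dict, outer_jwk: dict, outer_url: str, idp_keys: dict):
    """CA side: return the IdP subject bound to outer_jwk, or None if a check fails.
    Assumes the outer newAccount JWS was already verified against outer_jwk."""
    header = json.loads(b64u_dec(eab["protected"]))
    if header.get("alg") != "HS256" or "nonce" in header:
        return None                      # MAC algorithm required, nonce forbidden
    if header.get("url") != outer_url:
        return None                      # must equal the outer JWS "url"
    entry = idp_keys.get(header.get("kid"))
    if entry is None:
        return None                      # unknown key identifier
    subject, mac_key = entry
    signed = f'{eab["protected"]}.{eab["payload"]}'.encode()
    expected = hmac.new(mac_key, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64u_dec(eab["signature"])):
        return None                      # MAC does not verify
    if json.loads(b64u_dec(eab["payload"])) != outer_jwk:
        return None                      # EAB was made for a different account key
    return subject

# Constructed sample data (hypothetical IdP subject, kid, MAC key, URL and JWKs).
NEW_ACCOUNT_URL = "https://ca.example/acme/new-account"
IDP_KEYS = {"kid-1": ("alice@idp.example", b"constructed-mac-key-0123456789ab")}
ACCOUNT_JWK = {"kty": "EC", "crv": "P-256", "x": "constructed-x", "y": "constructed-y"}
OTHER_JWK = {"kty": "EC", "crv": "P-256", "x": "other-x", "y": "other-y"}

if __name__ == "__main__":
    eab = make_eab(ACCOUNT_JWK, "kid-1", IDP_KEYS["kid-1"][1], NEW_ACCOUNT_URL)
    print(verify_eab(eab, ACCOUNT_JWK, NEW_ACCOUNT_URL, IDP_KEYS))
    print(verify_eab(eab, OTHER_JWK, NEW_ACCOUNT_URL, IDP_KEYS))
```

Once the check passes, every later request signed by that account key can be attributed to the returned subject, which is the sense in which the account key is bound to the IdP account.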