Ted and Simon:

> Ted Hardie <ted.i...@gmail.com> writes:
> 
>>> In order to facilitate deployment by CAs, the ACME protocol must be
>>> compatible with common industry standards for the operation of a CA,
>>> for example the CA/Browser Forum Baseline Requirements [0].
>>> 
>>> 
>> I don't really like the language "the ACME protocol must be
>> compatible with common industry standards for the operation of a CA,
>> for example the CA/Browser Forum Baseline Requirements [0]." Proving
>> compatibility with an unbounded set of standards seems likely to
>> generate a lot of wrangling on what "common industry standards".
>> Also, the point of the effort, after all, is to be better than *some* of
>> the current operations of a CA.
>> 
>> Would the following work?
>> 
>> "The ACME working group is focused on automating certificate issuance,
>> validation, revocation and renewal.  Review of other industry practices
>> are not within scope for this working group."
> 
> +1
> 
> The reference to CA/B and saying ACME must be compatible with it appear
> restrictive to me.  If we want to improve state-of-the-art, we can't be
> limited by compatibility with the lowest common denominator in the
> industry.


I think the point of this paragraph was to create a protocol that is compatible 
with existing CA policies and practices.

How about this?

The ACME working group is specifying ways to automate certificate
issuance, validation, revocation and renewal.  The ACME working
group is not reviewing or producing certificate policies or
practices.

Russ
_______________________________________________
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme
