Hi team! DigiCert has implemented a proof of concept ACME server using ACME draft-07. We utilize External Account Binding, but not Out-of-Band Challenges nor Pre-Authorization, though both are of potential interest to us in the future. We currently handle both of those by way of the External Account Binding, which provides the full context of a customer account, and therefore has the support of Pre-Authorization functions and our Support/Validation teams to assist with Out-of-Band Challenges. Our interest in ACME would be the potential complete automation of those steps, but given the available workaround, we opted to not focus on supporting that yet.
Cheers! -Clint On Sat, Oct 21, 2017 at 12:56 AM Mads Egil Henriksveen < mads.henriksv...@buypass.no> wrote: > Hi > > > > Buypass has implemented an ACME server based on ACME draft-07 which use > order based issuance, this version is currently available in a test > environment only. We are also running a constrained pilot in our production > environment (supporting CertBot) and this will be upgraded to the ACME > draft-07 version shortly. > > > > We have included support for Pre-Authorization, but we are not using > neither External Account Binding nor the Out-of-Band Challenge in our > current version. However, we are considering to use the Out-of-Band > Challenge type and possibly also External Account Binding in a next phase > where the idea is to exploit how the ACME protocol may be used to support > issuance and administration of other types of TLS certificates than DV. > > > > Regards > > Mads > > > > *From:* Acme [mailto:acme-boun...@ietf.org] *On Behalf Of *Daniel McCarney > *Sent:* fredag 20. oktober 2017 22:36 > *To:* IETF ACME <acme@ietf.org> > *Subject:* [Acme] Survey of draft-07 implementations > > > > Hi folks, > > > > As the WG approaches last-call on ACME draft-07[0] I wanted to get a sense > of which portions of the spec have been implemented and which haven't. > > > > In particular I'd like to hear if anyone has implemented: > > * External Account Binding (Section 7.3.5) > > * Pre-Authorization for Order based issuance (Section 7.4.1) > > * The Out-of-Band Challenge type (Section 8.6) > > > > Let's Encrypt has made good progress on draft-07 server implementation but > has no plans to implement the above three features. It would be nice to > hear someone has running code for these protions of spec. > > > > Ignoring the above three items Let's Encrypt has implemented the core > portions of draft-07 in Pebble[1]. It's presently using the pro-active > issuance method described in draft-07. It does not support key change or > revocation but is ready to be used by clients. There is an integration test > client[2] based on Certbot's ACME python module and ACME4j has an > experimental branch[3] capable of issuing certificates from Pebble. > > > > Let's Encrypt has also made significant progress implementing draft-07 in > Boulder[4], the production Let's Encrypt CA software, but it is not yet > ready for use by clients. This implementation does include key change and > revocation but does **not** use pro-active issuance. I began a separate > thread[5] for the order finalization approach that we have started to > implement for Boulder. Pebble will be updated to use this issuance approach > in place of pro-active issuance shortly. > > > > Are there any other servers or clients out there that are speaking > draft-07 ACME and using order based issuance? > > > > - Daniel / cpu > > > > [0]: https://tools.ietf.org/html/draft-ietf-acme-acme-07 > > [1]: https://github.com/letsencrypt/pebble > > [2]: > https://github.com/letsencrypt/boulder/blob/e2cc6fbe682dd5d49da32c2357838b0cc831f10f/test/chisel2.py > > [3]: https://github.com/shred/acme4j/tree/draft > > [4]: https://github.com/letsencrypt/boulder > > [5]: > https://mailarchive.ietf.org/arch/msg/acme/DIjJEB06J5cFyuOlGPVcY2I51vg > _______________________________________________ > Acme mailing list > Acme@ietf.org > https://www.ietf.org/mailman/listinfo/acme >
_______________________________________________ Acme mailing list Acme@ietf.org https://www.ietf.org/mailman/listinfo/acme