Hi Russ,

On 30/05/18 22:31, Russ Housley wrote:
> It seems to me that ACME is being used to support certificate
> enrollment for many different applications, so the same approach
> seems appropriate.

I agree with your description of the past :-)

I don't agree with not specifying MTI algs though.

My main reasons are that I think having MTI algorithms for
acme may lead to better interop and less proliferation of
algorithms/suites and less broken/non-tested code. (I
forget what I thought about this years ago, but I may have
changed opinion - it was reasonable for PKIX to not specify
MTI algs a decade or two ago, but that is no longer a
good plan, as we now do really use all this stuff.)

That said, I don't feel too strongly about it - in practice
I reckon all acme clients will in any case want to implement
and be able to use whatever works with LE, at least for the
next while, and so this won't be a practical problem either
way.

Cheers,
S.

_______________________________________________
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme
