At IETF102 we had extremely strong consensus to merge this, to address the last open AD review comment.
As Richard said, if you have concerns or objections, please speak up NOW.

/rich, co-chair

From: Richard Barnes <r...@ipv.sx>
Date: Tuesday, July 17, 2018 at 6:00 PM
To: "c...@letsencrypt.org" <c...@letsencrypt.org>
Cc: Rich Salz <rs...@akamai.com>, Eric Rescorla <e...@rtfm.com>, "acme@ietf.org" <acme@ietf.org>, Russ Housley <hous...@vigilsec.com>
Subject: Re: [Acme] AD Review: draft-ietf-acme-acme-12

... and based on feedback at the meeting, I went ahead and merged this. I understand that EKR will be issuing an IETF last call soon, so if you have concerns about this change, please raise them there. Or on this thread, but in any case, ASAP.

Thanks,
--Richard

On Tue, Jul 17, 2018 at 4:27 PM Richard Barnes <r...@ipv.sx> wrote:

I went ahead and posted a PR implementing EKR's suggestion:

https://github.com/ietf-wg-acme/acme/pull/429

On Wed, May 30, 2018 at 4:23 PM Daniel McCarney <c...@letsencrypt.org> wrote:

We have multiple CA’s that support it, and other implementations as well.

Of the multiple CAs that support ACME, which support something resembling the current draft? When I looked last the non-Let's Encrypt ACME server implementations all seemed to be targeting Certbot and the "ACMEv1" era of this draft (e.g. are not using the order based issuance flow at all). There have been substantial backwards compatibility breaking changes in the draft since this time.

I second EKR's sentiment that there has been little true ACME inter-op testing of the protocol as described in draft-12 outside of that done with Let's Encrypt's ACMEv2 endpoint.

- Daniel / cpu

On Wed, May 30, 2018 at 3:56 PM, Salz, Rich <rsalz=40akamai....@dmarc.ietf.org> wrote:

* Well, we have a fair bit of experience of a lot of people talking to Let's Encrypt. That's not really the same as a lot of servers and a lot of clients.

We have multiple CA’s that support it, and other implementations as well. Certainly LE dominates, but it’s not the only usage. And certainly not the only anticipated future usage.

* I would match the TLS ones: MUST ECDSA with P-256, SHOULD EdDSA with X25519.

That would make the MTI limited to a subset of the WebPKI supported by the latest browsers, which seems wrong. But let’s not bikeshed too much and see what the WG consensus is.

_______________________________________________
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme