All, This is an I-D I've been working on sporadically to address trusted certificate generation for IoT devices like printers, cameras, etc. As indicated in the abstract, it enables discovery and usage of a local ACME server that provides a trusted root certificate for the local network as well as signed certificates for any IoT devices that need them.
The goal is to provide something better than self-signed certificates while supporting simple home networks (where your router probably provides the ACME server for ".local") to enterprise networks with dedicated certificate and DNS servers. I'm hoping to have some prototype code ready to post on Github in the coming months, but obviously would be grateful for any feedback you have. Thanks! (Also circulating in the IoT OPS WG in the IETF, and the IEEE-ISTO Printer Working Group where I am secretary of the Internet Printing Protocol WG...) > Begin forwarded message: > > From: internet-dra...@ietf.org > Subject: New Version Notification for draft-sweet-iot-acme-03.txt > Date: February 6, 2023 at 4:42:33 PM EST > To: "Michael Sweet" <msw...@msweet.org> > > > A new version of I-D, draft-sweet-iot-acme-03.txt > has been successfully submitted by Michael Sweet and posted to the > IETF repository. > > Name: draft-sweet-iot-acme > Revision: 03 > Title: ACME-Based Provisioning of IoT Devices > Document date: 2023-02-06 > Group: Individual Submission > Pages: 12 > URL: https://www.ietf.org/archive/id/draft-sweet-iot-acme-03.txt > Status: https://datatracker.ietf.org/doc/draft-sweet-iot-acme/ > Html: https://www.ietf.org/archive/id/draft-sweet-iot-acme-03.html > Htmlized: https://datatracker.ietf.org/doc/html/draft-sweet-iot-acme > Diff: > https://author-tools.ietf.org/iddiff?url2=draft-sweet-iot-acme-03 > > Abstract: > This document extends the Automatic Certificate Management > Environment (ACME) [RFC8555] to provision X.509 certificates for > local Internet of Things (IoT) devices that are accepted by existing > web browsers and other software running on End User client devices. > > > > > The IETF Secretariat > > ________________________ Michael Sweet _______________________________________________ Acme mailing list Acme@ietf.org https://www.ietf.org/mailman/listinfo/acme