There is sufficient interest to adopt this draft. Thank you, Deb
On Fri, Jun 9, 2023 at 5:06 PM Seo Suchan <tjtn...@gmail.com> wrote: > for CAA mechanism for tor, I'm don't think acme working group is right > place to talk about it: as they effect non-acme CA that sign certificate > for onion, shouldn't it need to be handled on lamps subject (as there is > where CAA rfc was discussed) > 2023-06-10 오전 1:55에 Aaron Gable 이(가) 쓴 글: > > Hi all, > > I support the draft for adoption. Specifically, I think it's a good thing > to standardize the onion-csr-01 challenge type. I have two classes of > comments that I look forward to discussing in-depth after adoption: > 1) Obviously it's valuable for this draft to standardize a method that is > already accepted by the CA/BF. But in the long term there's no need to use > a CSR as the transport mechanism for a random token, a public key, and a > signature -- moving away from x509 for this would be nice in the long term. > Probably out-of-scope for this document, but worth discussing. > 2) The primary benefit of the onion-csr-01 method is that it allows the CA > to perform domain control validation without operating a Tor client. > However, this benefit is obviated entirely by the need to operate a Tor > client to check for CAA in the hidden service descriptor. It seems likely > that there are CAs which have avoided implementing HTTP-01 and TLS-ALPN-01 > for .onion due to the need to operate a Tor client; these same CAs may have > been willing to implement ONION-CSR-01, but now will not due to the CAA > mechanism. > > Thanks, > Aaron > > On Sun, Jun 4, 2023 at 4:07 AM Deb Cooley <debcool...@gmail.com> wrote: > >> This will be a two week call for adoption ending on 16 June. Please >> speak up either for or against adopting this draft. >> >> Thanks, >> Deb >> _______________________________________________ >> Acme mailing list >> Acme@ietf.org >> https://www.ietf.org/mailman/listinfo/acme >> > > _______________________________________________ > Acme mailing listAcme@ietf.orghttps://www.ietf.org/mailman/listinfo/acme > > _______________________________________________ > Acme mailing list > Acme@ietf.org > https://www.ietf.org/mailman/listinfo/acme >
_______________________________________________ Acme mailing list Acme@ietf.org https://www.ietf.org/mailman/listinfo/acme
