Hello Richard,

I've changed the following text in the 2nd paragraph of the introduction in
my working copy:

The core ACME protocol defined challenge types specific to web server
certificates with the possibility to create extensions, or additional
challenge types for other use cases and certificate types. Client
certificates, such as end user, digital signature, and service
authentication also benefit from automated management to ease the
deployment and maintenance of these certificate types, thus the definition
of this extension defining challenge types for end users and service
accounts (e.g. cloud native containers, microservices). Use cases for
digital signatures are increasingly becoming foundational for integrity
protection, origin authentication and data provenance including the
following that may benefit from automating the certificate and key
management for functions such as code signing, document signing (e.g. PDF),
and format signing (e.g. JWT, SPDX).


Please let me know if this addresses your request.

Thank you,
Kathleen

On Sun, Jun 1, 2025 at 6:07 AM Kathleen Moriarty <
[email protected]> wrote:

>
> Sent from my mobile device
>
> > On May 31, 2025, at 11:21 PM, [email protected] wrote:
> >
> > This is a great move for client certificate (except S/MIME certificate) and code signing certificate.
> > I suggest adding Document signing certificate ACME support.
> > Adobe required the document signing certificate must be securely stored in HSM like code signing certificate, so we can use the same challenge types here to document signing certificate, just need to add the statement that it is applicable to Document Signing certificate.
> > Thanks.
> >
> Thank you for the feedback and support, Richard.
>
> I’ll add that into the text. Challenge types and certificate type are
> decoupled since you specify the certificate type in the CSR, so this is an
> easy informational addition.
>
> Best regards,
> Kathleen
>
> > Richard Wang
> >
> > -----Original Message-----
> > From: [email protected] <[email protected]>
> > Sent: Wednesday, May 28, 2025 10:05 PM
> > To: [email protected]
> > Cc: [email protected]
> > Subject: [Acme] I-D Action: draft-ietf-acme-client-10.txt
> >
> > Internet-Draft draft-ietf-acme-client-10.txt is now available. It is a work item of the Automated Certificate Management Environment (ACME) WG of the IETF.
> >
> >   Title:   ACME End User Client and Code Signing Certificates
> >   Author:  Kathleen M. Moriarty
> >   Name:    draft-ietf-acme-client-10.txt
> >   Pages:   16
> >   Dates:   2025-05-28
> >
> > Abstract:
> >
> >   Automated Certificate Management Environment (ACME) core protocol
> >   addresses the use case of web server certificates for TLS.  This
> >   document extends the ACME protocol to support service account
> >   authentication credentials, micro-service accounts credentials,
> >   device client, and code signing certificates and keys.
> >
> > The IETF datatracker status page for this Internet-Draft is:
> > https://datatracker.ietf.org/doc/draft-ietf-acme-client/
> >
> > There is also an HTMLized version available at:
> > https://datatracker.ietf.org/doc/html/draft-ietf-acme-client-10
> >
> > A diff from the previous version is available at:
> > https://author-tools.ietf.org/iddiff?url2=draft-ietf-acme-client-10
> >
> > Internet-Drafts are also available by rsync at:
> > rsync.ietf.org::internet-drafts
> >
> >
> > _______________________________________________
> > Acme mailing list -- [email protected]
> > To unsubscribe send an email to [email protected]
> >
>


-- 

Best regards,
Kathleen