<[email protected]> wrote:
    > (1) the most important reason is ACME is widely used worldwide, EST
    > is not;

EST is not used for getting WebPKI anchored server certificates.
It is used extensively in private/enterprise PKIs, not just in IoT.

    > internal CA uses an EST server to issue certificates for IoT devices",
    > but we need ACME for public CA to issue publicly trusted certificate.

I'm not convinced that many certificates used for client authentication will
have identifiers that ACME can easily authorize via dns-01 or http-01.
Yes, it's possible, but I'm not convinced the things that many people want
will be.  Further, in order to issue the client certificates, there often
needs to be a more complex trust relationship (business relationship) between
the client and the CA.

    > So I strongly recommend using ACME, not EST. And we need this draft for
    > client certificate including code signing certificate and document
    > signing certificate, thanks.

What SAN would be used for a document signing certificate?

-- 
]               Never tell me the odds!                 | ipv6 mesh networks [ 
]   Michael Richardson, Sandelman Software Works        | network architect  [ 
]     [email protected]  http://www.sandelman.ca/        |   ruby on rails    [ 
        


_______________________________________________
Acme mailing list -- [email protected]
To unsubscribe send an email to [email protected]
