Hi all, I just uploaded a short draft to extend the ACME profiles mechanism. It's a way to automate PKI transitions that need multiple certificates, e.g. classical and post-quantum.
It's a separate document just to present an initial proposal. It's possible the right home would ultimately be in the profiles draft itself. Or it's possible folks will want a slightly different mechanism—there's a wide range of possible spellings, from different JSON structures, extending the Link header, to multiple certificate URLs on an order, to requesting multiple profiles in one order, etc. This formulation was just the easiest scheme I found to write down, and avoids changing the order state machine, etc. Thoughts? David ---------- Forwarded message --------- From: <[email protected]> Date: Mon, Oct 20, 2025 at 5:00 PM Subject: New Version Notification for draft-davidben-acme-profile-sets-00.txt To: David Benjamin <[email protected]> A new version of Internet-Draft draft-davidben-acme-profile-sets-00.txt has been successfully submitted by David Benjamin and posted to the IETF repository. Name: draft-davidben-acme-profile-sets Revision: 00 Title: Automated Certificate Management Environment (ACME) Profile Sets Date: 2025-10-20 Group: Individual Submission Pages: 7 URL: https://www.ietf.org/archive/id/draft-davidben-acme-profile-sets-00.txt Status: https://datatracker.ietf.org/doc/draft-davidben-acme-profile-sets/ HTML: https://www.ietf.org/archive/id/draft-davidben-acme-profile-sets-00.html HTMLized: https://datatracker.ietf.org/doc/html/draft-davidben-acme-profile-sets Abstract: This document defines how an ACME Server may indicate collections of related certificate profiles to ACME Clients. The IETF Secretariat
_______________________________________________ Acme mailing list -- [email protected] To unsubscribe send an email to [email protected]
