Hej Hej ACME,

Richard Barnes pointed out that the previous version of this draft failed to provide a JSON encoding for the two new identifiers: permanentIdentifier and HardwareModuleName for the Order object. While addressing this we uncovered a few related issues. Given the scope of the change, Chairs and AD decided that this needed to go back to WG for another round of review, and do another WGLC.

Version -02 makes the following changes:

* Adds a JSON representation of the permanentIdentifier and HardwareModuleName identifiers. Since these are both represented in the CSR in structured ASN.1 objects, an ASCII representation was invented, along with a suggested algorithm for comparing them.
* Explicitly allows for these identifiers to appear in the CSR but not in the issued certificate. It is completely reasonable that a client is willing to share its device fingerprint with the CA but does not want it published in the certificate, but it needs to be noted explicitly since it is a contradiction of RFC8555.

Kindly,
Sven Rajala
Deputy PKI Officer
M: +1 540 687 0761
[email protected]<https://www.keyfactor.com/>

From: [email protected] <[email protected]>
Date: Friday, 2026 March 27 at 07:16
To: [email protected] <[email protected]>
Cc: [email protected] <[email protected]>
Subject: [Acme] I-D Action: draft-ietf-acme-device-attest-02.txt

Internet-Draft draft-ietf-acme-device-attest-02.txt is now available. It is a work item of the Automated Certificate Management Environment (ACME) WG of the IETF.

   Title:   Automated Certificate Management Environment (ACME) Device Attestation Extension
   Authors: Brandon Weeks
            Ganesh Mallaya
            Sven Rajala
            Corey Bonnell
   Name:    draft-ietf-acme-device-attest-02.txt
   Pages:   13
   Dates:   2026-03-26

Abstract:

   This document specifies new identifiers and a challenge for the Automated Certificate Management Environment (ACME) protocol which allows validating the identity of a device using attestation.

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-acme-device-attest/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-acme-device-attest-02.html

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-acme-device-attest-02

Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts

_______________________________________________
Acme mailing list -- [email protected]
To unsubscribe send an email to [email protected]
