[Acme] ACME v06 - Pre-Authorization

Hi, I am exploring the idea of using ACME for issuing certificates for endpoints using the Pre-Authorization process, and I have a question about that process. I reviewed the editor's version published May 22, 2017. Section 7.4.1. Pre-Authorization states that after the client sends a request a

Re: [Acme] Fwd: I-D Action: draft-ietf-acme-acme-07.txt

I do not believe that I got an answer to my pre-authorization question here: https://www.ietf.org/mail-archive/web/acme/current/msg01991.html What would be the response of the server if the client sends the certificate issuance request after it sends the pre-authorization request but before it com

Re: [Acme] ACME v06 - Pre-Authorization

On Mon, Jun 26, 2017 at 5:11 PM, Jacob Hoffman-Andrews wrote: > On 06/07/2017 05:50 AM, Rifaat Shekh-Yusef wrote: > > What is the expected behavior of the server if the client sends the > > certificate issuance request after it sends the pre-authorization > > request but &g

Re: [Acme] ACME v06 - Pre-Authorization

On Tue, Jun 27, 2017 at 2:29 PM, Jacob Hoffman-Andrews wrote: > On 06/27/2017 05:15 AM, Rifaat Shekh-Yusef wrote: > > > >> The server would create an order object with one or more >> authorizations objects that need to be fulfilled. > > > My point is that the pr

Re: [Acme] Fwd: I-D Action: draft-ietf-acme-acme-07.txt

> On Fri, Jun 23, 2017 at 3:33 PM, Rifaat Shekh-Yusef > wrote: > >> I do not believe that I got an answer to my pre-authorization question >> here: >> https://www.ietf.org/mail-archive/web/acme/current/msg01991.html >> >> What would be the response of the ser

Re: [Acme] Fwd: I-D Action: draft-ietf-acme-acme-07.txt

What about the payload? would you return "challenges" or "authorization? Regards, Rifaat On Tue, Jul 18, 2017 at 8:49 PM, Jacob Hoffman-Andrews wrote: > On 07/18/2017 10:13 AM, Rifaat Shekh-Yusef wrote: > > Hi Richard, > > Take a look at the followin

[Acme] Fwd: New Version Notification for draft-yusef-acme-3rd-party-device-attestation-00.txt

-- Forwarded message - From: Date: Sat, Jan 12, 2019 at 12:34 PM Subject: New Version Notification for draft-yusef-acme-3rd-party-device-attestation-00.txt To: Rifaat Shekh-Yusef A new version of I-D, draft-yusef-acme-3rd-party-device-attestation-00.txt has been successfully submitted by Rifaat

Re: [Acme] Meeting in Prague?

I was hoping to present and discuss the following new draft in Prague and before closing this WG. https://datatracker.ietf.org/doc/draft-yusef-acme-3rd-party-device-attestation/ Regards, Rifaat On Tue, Jan 15, 2019 at 12:31 PM Richard Barnes wrote: > I hold out hope that we can have the WG cl

Re: [Acme] Meeting in Prague?

I have submitted the draft and sent an email to the list only few days ago, so I would like first give the WG a chance to review it and provide feedback. Regards, Rifaat On Tue, Jan 15, 2019 at 12:53 PM Salz, Rich wrote: > We have more than a month to discuss the draft here on the mailing

Re: [Acme] Fwd: New Version Notification for draft-yusef-acme-3rd-party-device-attestation-00.txt

Thanks Ilari, Please, see me reply inline... Regards, Rifaat On Tue, Jan 15, 2019 at 1:13 PM Ilari Liusvaara wrote: > On Sat, Jan 12, 2019 at 12:38:59PM -0500, Rifaat Shekh-Yusef wrote: > > Hi, > > > > I have submitted the draft below that defines a mechanism to automa

Re: [Acme] Fwd: New Version Notification for draft-yusef-acme-3rd-party-device-attestation-00.txt

Thanks Ryan, Please, see my reply inline... Regards, Rifaat On Tue, Jan 15, 2019 at 2:56 PM Ryan Sleevi wrote: > > > On Tue, Jan 15, 2019 at 1:58 PM Rifaat Shekh-Yusef > wrote: > >> The proposed mechanism does not suggest the CA perform a domain >> validation

[Acme] Fwd: New Version Notification for draft-yusef-acme-3rd-party-device-attestation-01.txt

-acme-3rd-party-device-attestation-01.txt To: Rifaat Shekh-Yusef A new version of I-D, draft-yusef-acme-3rd-party-device-attestation-01.txt has been successfully submitted by Rifaat Shekh-Yusef and posted to the IETF repository. Name: draft-yusef-acme-3rd-party-device-attestation

Re: [Acme] Fwd: New Version Notification for draft-yusef-acme-3rd-party-device-attestation-01.txt

helps. I will try to expand on this in the next version of the document. Regards, Rifaat On Wed, Jan 16, 2019 at 4:15 PM Ilari Liusvaara wrote: > On Wed, Jan 16, 2019 at 03:32:57PM -0500, Rifaat Shekh-Yusef wrote: > > All, > > > > I have just submitted new updated version

Re: [Acme] Fwd: New Version Notification for draft-yusef-acme-3rd-party-device-attestation-01.txt

he lines of > [2], to just define a token type and maybe an identifier type. > > --Richard > > [1] https://tools.ietf.org/html/draft-ietf-acme-authority-token > [2] > https://tools.ietf.org/wg/acme/draft-ietf-acme-authority-token-tnauthlist/ > > On Wed, Jan 16, 2019 at 12:33 PM Rifaa

Re: [Acme] Fwd: New Version Notification for draft-yusef-acme-3rd-party-device-attestation-01.txt

spatch > process. > > On Thu, Jan 17, 2019 at 12:49 Rifaat Shekh-Yusef > wrote: > >> Thanks Richard, >> >> The redirection is not critical part, and your explanation makes sense. >> I looked at the "authority token" documents a while ago; I will take a >

Re: [Acme] Fwd: New Version Notification for draft-yusef-acme-3rd-party-device-attestation-01.txt

type and maybe an identifier type. > > --Richard > > [1] https://tools.ietf.org/html/draft-ietf-acme-authority-token > [2] > https://tools.ietf.org/wg/acme/draft-ietf-acme-authority-token-tnauthlist/ > > On Wed, Jan 16, 2019 at 12:33 PM Rifaat Shekh-Yusef > wrote: &g

Re: [Acme] Fwd: New Version Notification for draft-yusef-acme-3rd-party-device-attestation-01.txt

Inline... On Wed, Jan 23, 2019 at 3:07 PM Richard Barnes wrote: > Inline. > > On Sun, Jan 20, 2019 at 3:04 PM Rifaat Shekh-Yusef > wrote: > >> I looked at the TNAuthList draft, and as far as I understand, the >> framework seems >> a bit different from this pro

Re: [Acme] Fwd: New Version Notification for draft-yusef-acme-3rd-party-device-attestation-01.txt

Thanks for the review and feedback, James. See my reply inline below. Regards, Rifaat On Thu, Jan 24, 2019 at 8:27 PM Manger, James < james.h.man...@team.telstra.com> wrote: > I’m confused about what is desired with > draft-yusef-acme-3rd-party-device-attestation, but I think it may be quite >

Re: [Acme] Fwd: New Version Notification for draft-yusef-acme-3rd-party-device-attestation-01.txt

James, "That way the ACME CA doesn’t need to know anything about the device attestation." No, the ACME CA would need to validate the JWT provided by the Device Authority. Regards, Rifaat On Fri, Jan 25, 2019 at 8:06 AM Rifaat Shekh-Yusef wrote: > Thanks for the review and fe

Re: [Acme] IETF 104 Agenda

Rich, How much time is allocated to these items? Regards, Rifaat On Tuesday, March 19, 2019, Salz, Rich wrote: > The agenda has been posted to https://datatracker.ietf.org/ > meeting/104/session/acme It is also below. > > > > If you want to volunteer before the meeting to do Jabber and/or m

Re: [Acme] IETF 104 Agenda

t 40 minutes) is for > device attestation and client certs. > > Sent from my phone > ---------- > *From:* Rifaat Shekh-Yusef > *Sent:* Thu Mar 21 13:18:59 GMT+02:00 2019 > *To:* "Salz, Rich" > *Cc:* "acme@ietf.org" > *Subject:* Re: [Acme

Re: [Acme] Use cases / trust model for device certs

Hi Richard, I was not aware of the ANIMA work before the meeting in Prague, so I will definitely look into that in details. One use case that I have in mind is a way to make sure that a specific device can only be used by a specific party. If you rely on RP to request identities for the device, t

Re: [Acme] Use cases / trust model for device certs

Friel (ofriel) wrote: > Hi Rifaat, > > Inline. > > > > *From:* Rifaat Shekh-Yusef > *Sent:* 17 April 2019 20:37 > *To:* Richard Barnes > *Cc:* IETF ACME ; Owen Friel (ofriel) > *Subject:* Re: Use cases / trust model for device certs > > > > Hi Richa