On Fri, Mar 29, 2019 at 4:31 AM Richard Barnes wrote:
>
>
> On Fri, Mar 29, 2019 at 9:30 AM Kathleen Moriarty <
> kathleen.moriarty.i...@gmail.com> wrote:
>
>>
>>
>> On Fri, Mar 29, 2019 at 4:27 AM Richard Barnes wrote:
>>
>>>
>>>
>>> On Fri, Mar 29, 2019 at 7:49 AM Kathleen Moriarty <
>>> kathl
On Fri, Mar 29, 2019 at 9:30 AM Kathleen Moriarty <
kathleen.moriarty.i...@gmail.com> wrote:
>
>
> On Fri, Mar 29, 2019 at 4:27 AM Richard Barnes wrote:
>
>>
>>
>> On Fri, Mar 29, 2019 at 7:49 AM Kathleen Moriarty <
>> kathleen.moriarty.i...@gmail.com> wrote:
>>
>>> I meant to respond inline as w
On Fri, Mar 29, 2019 at 4:27 AM Richard Barnes wrote:
>
>
> On Fri, Mar 29, 2019 at 7:49 AM Kathleen Moriarty <
> kathleen.moriarty.i...@gmail.com> wrote:
>
>> I meant to respond inline as well.
>>
>> Sent from my mobile device
>>
>> On Mar 28, 2019, at 4:58 PM, Richard Barnes wrote:
>>
>> To re
On Fri, Mar 29, 2019 at 7:49 AM Kathleen Moriarty <
kathleen.moriarty.i...@gmail.com> wrote:
> I meant to respond inline as well.
>
> Sent from my mobile device
>
> On Mar 28, 2019, at 4:58 PM, Richard Barnes wrote:
>
> To recap and extend some things that were said at the meeting:
>
> - ACME can
I meant to respond inline as well.
Sent from my mobile device
> On Mar 28, 2019, at 4:58 PM, Richard Barnes wrote:
>
> To recap and extend some things that were said at the meeting:
>
> - ACME can already be used for client certificates that attest to domain
> names. It's just an EKU differe
I was thinking OTP may be a possibility for a CodeSigning challenge (after
account establishment out of band) and I have received outreach from others
interested to develop solutions for each of the types. Client certs for
messaging and enterprise was mentioned by others as well.
Feedback and c
To recap and extend some things that were said at the meeting:
- ACME can already be used for client certificates that attest to domain
names. It's just an EKU difference, so it can be negotiated in the CSR.
- ACME can already be used for code-signing certs, with external
validation. As with cl
Thank you for your draft.
As per the discussion from the WG meeting in Prague, my thoughts:
Section 5, Device Certificates:
DNS/IP based challenges may be appropriate for on-premises hardware and
less appropriate for Cloud or IoT environments where a machine
requesting may not have DNS or suit
Hello,
I am attaching a draft on several client certificate types to discuss in
Prague. The draft intentionally leaves some open questions for discussion
and I'll form the slides for the presentation in Prague around those
questions.
Thanks in advance for your review and discussion in Prague.
S