Markdown Version | Session Recording

Session Date/Time: 30 Mar 2023 06:00

acme

Summary

This acme working group session at IETF 116 covered document status, presentations on acme-arr and acme-dns-01, and other business including discussion of a new draft on ACME for Tor hidden services. Key topics included the status of drafts in the RFC editor queue, progress on acme-dns-01 adoption and implementation, and alignment of attestation drafts.

Key Discussion Points

• Document Status: Updates were provided on the status of several ACME drafts, including acme-subdomains, acme-integrations, acme-dns, authority-token, authority-token-papez, acme-arr, device-attestation, and acme-dns-account-01.
• acme-dns: The adoption of acme-dns-account-01 was celebrated, and feedback received since adoption was discussed. Cloudflare's implementation and Google Trust Services' enablement of the challenge were highlighted. The intention to contribute the challenge to the Boulder server-side implementation was announced. A request was made for more reviews of the draft.
• acme-arr: Discussion on the acme-arr draft focused on whether to use an encapsulation format or web. There's ongoing discussion of encapsulation.
• Attestation Drafts: Ellsworth raised the issue of aligning different attestation drafts (including kia-attestation for LAPS), emphasizing the need to avoid overlap and ensure clarity in purpose.
• ACME for Tor Hidden Services: A new draft (draft-misel-acme-onion) was introduced, proposing how ACME can be used to issue certificates for Tor hidden services, addressing the lack of DNS and the need to incorporate CSR signing into the validation process.

Decisions and Action Items

• Action Item: Reach out to the d working group to get an update on the timeline for publication of the document that ACME is relying on.
• Action Item: Authors of attestation drafts (Brendan, Ellsworth, Carl Wallace, Shu) should coordinate to ensure distinctness and documented overlap.
• Action Item: Encourage the working group to review the draft-vienna-acme-dns-account-01 document.

Next Steps

• Authors to incorporate feedback and address open issues in their respective drafts.
• Working group members to review the draft-vienna-acme-dns-account-01 document.
• Follow up on the progress of the d working group's document.
• Continue discussion on the mailing list regarding design and implementation details.