**Session Date/Time:** 22 Jul 2025 09:30

# acme

## Summary

The ACME working group meeting covered document status updates, presentations on several draft proposals, and discussions regarding their direction and potential adoption. Key topics included client authentication challenges, auto-discovery of ACME servers, public key challenges, ACME RATS integration, JWT claim constraints in STIR certificates, ACME profiles and persistent DNS validation.

## Key Discussion Points

* **Document Status:**
    * Two new RFCs published: RFC 9773 (ARI) and RFC 9799 (Onion).
    * Several drafts are in the RFC editor's queue or undergoing revisions.
* **Client Authentication Challenge Types:**
    * Discussion on the usefulness and implementation status of the client challenge type draft.
    * Concerns were raised about the scope and potential overlap with other drafts, particularly concerning WebAuthn.
    * Debate on whether this represents a fundamental change to ACME.
* **Auto-Discovery of ACME Servers:**
    * Discussion on the need for auto-discovery mechanisms for different identifier types, including those beyond DNS names.
    * The draft is looking for a new lead author who can champion adoption, especially someone from a major vendor.
* **Public Key Challenges:**
    * The presenter clarified that the use case in this scenario is for enterprise or campus contexts.
    * Concerns were raised about the practical necessity and security model of the proposed solution.
* **ACME RATS Integration:**
    * Discussion about combining the RATS process with the ACME process to improve device security.
    * Debate on where the attestation information should be placed within the ACME protocol flow (challenge vs. order payload).
* **Extension of Public Key Challenges for JWT claim constraints:**
    * A question was raised about handling multiple challenges with different authorities.
* **Persistent DNS Validation in ACME:**
    * Discussion on implementing static TXT records for DNS validation.
    * Emphasis on aligning with the CA/Browser Forum's efforts on this front.

## Decisions and Action Items

* **Client Authentication Challenge Types:** Kathleen will address the feedback and decide whether a new draft should be uploaded. Chairs to start a mailing list thread on this.
* **Auto-Discovery of ACME Servers:** Mike is looking for someone from a CA or CSP to take lead of this draft.
* **ACME RATS Integration:** Discuss placing attestation result into the order payload in the main list.

## Next Steps

* Continue discussion of open issues on the mailing list.
* Coordinate efforts on similar drafts (e.g., client authentication challenges, persistent DNS validation) to avoid duplication and ensure alignment.
* Continue the Akimirat design team meeting to discuss design and potentially call for adoption in Montreal.