<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div class="elementToProof"><span style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; font-weight: 400;">I just submitted the initial draft for ACME auto-discovery to the ACME working group as discussed during the latest face-to-face
meeting at the IETF. </span></div>
<div><br>
</div>
<div class="elementToProof"><span style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; font-weight: 400;">We encourage everyone to provide feedback on the draft and to consider showing their support for this draft within the IETF. Your
active participation and endorsement will contribute to the advancement and adoption of this proposal that is needed for the broader adoption of automation through ACME.</span></div>
<div><br>
</div>
<div><span style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; font-weight: 400;">Thanks,</span></div>
<div><br>
</div>
<div><span style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; font-weight: 400;">Paul</span><br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
<br>
</div>
<div id="appendonsend"></div>
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size: 11pt; color: rgb(0, 0, 0);"><b>From:</b> internet-drafts@ietf.org &lt;internet-drafts@ietf.org&gt;<br>
<b>Sent:</b> Thursday, July 6, 2023 16:39<br>
<b>To:</b> Mike Ounsworth &lt;Mike.Ounsworth@entrust.com&gt;; Paul van Brouwershaven &lt;Paul.vanBrouwershaven@entrust.com&gt;<br>
<b>Subject:</b> [EXTERNAL] New Version Notification for draft-vanbrouwershaven-acme-auto-discovery-00.txt</font>
<div> </div>
</div>
<div class="BodyFragment"><font size="2"><span style="font-size:11pt">
<div class="PlainText elementToProof ContentPasted1">
A new version of I-D, draft-vanbrouwershaven-acme-auto-discovery-00.txt<br>
has been successfully submitted by Paul van Brouwershaven and posted to the<br>
IETF repository.<br>
<br>
Name: draft-vanbrouwershaven-acme-auto-discovery<br>
Revision: 00<br>
Title: Auto-discovery mechanism for ACME client configuration<br>
Document date: 2023-07-06<br>
Group: Individual Submission<br>
Pages: 16<br>
URL: <a href="https://www.ietf.org/archive/id/draft-vanbrouwershaven-acme-auto-discovery-00.txt">https://www.ietf.org/archive/id/draft-vanbrouwershaven-acme-auto-discovery-00.txt</a>
<div class="ContentPasted1">Status: <a href="https://datatracker.ietf.org/doc/draft-vanbrouwershaven-acme-auto-discovery/">
https://datatracker.ietf.org/doc/draft-vanbrouwershaven-acme-auto-discovery/</a> </div>
<div class="ContentPasted1">Html: <a href="https://www.ietf.org/archive/id/draft-vanbrouwershaven-acme-auto-discovery-00.html">
https://www.ietf.org/archive/id/draft-vanbrouwershaven-acme-auto-discovery-00.html</a> </div>
Htmlized: <a href="https://datatracker.ietf.org/doc/html/draft-vanbrouwershaven-acme-auto-discovery">https://datatracker.ietf.org/doc/html/draft-vanbrouwershaven-acme-auto-discovery</a>
<br>
<br>
<br>
Abstract:<br>
A significant impediment to the widespread adoption of the Automated<br>
Certificate Management Environment (ACME) [RFC8555] is that ACME<br>
clients need to be pre-configured with the URL of the ACME server to<br>
be used. This often leaves domain owners at the mercy of their<br>
hosting provider as to which Certification Authorities (CAs) can be<br>
used. This specification provides a mechanism to bootstrap ACME<br>
client configuration from a domain's DNS CAA Resource Record<br>
[RFC8659], thus giving control of which CA(s) to use back to the<br>
domain owner.<br>
<br>
Specifically, this document specifies two new extensions to the DNS<br>
CAA Resource Record: the "discovery" and "priority" parameters.<br>
Additionally, it registers the URI "/.well-known/acme" at which all<br>
compliant ACME servers will host their ACME directory object. By<br>
retrieving instructions for the ACME client from the authorized<br>
CA(s), this mechanism allows for the domain owner to configure<br>
multiple CAs in either load-balanced or fallback prioritizations<br>
which improves user preferences and increases diversity in<br>
certificate issuers.<br>
<br>
<br>
<br>
<br>
The IETF Secretariat<br>
<br>
<br>
</div>
</span></font></div>
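<div>The client-side logic the abstract describes, as an added example that is not part of the original message or the draft's text: it parses CAA "issue" values using the RFC 8659 parameter syntax and turns them into prioritized tiers of "/.well-known/acme" directory URLs. The assumptions are that a lower "priority" number is preferred, that a record without "priority" sorts last, that "discovery=false" opts a CA out, and that the directory is fetched over HTTPS from the issuer domain; the CA names are constructed placeholders.</div>

```python
import re
from itertools import groupby

# RFC 8659 issuer-domain-name: letter-digit-hyphen labels joined by dots.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
_DOMAIN = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")

# Constructed sample CAA "issue" values; the CA names are placeholders.
SAMPLE = [
    "ca2.example; priority=2",
    "ca1.example; discovery=true; priority=1",
    "ca3.example; priority=1",
    "ca4.example; discovery=false",
    "bad.example/path?x=; priority=0",  # not a domain name: must be rejected
    ";",                                # empty issuer: no CA authorized
]

def parse_issue_value(value):
    """Split a CAA 'issue' value into (issuer_domain, {param: value})."""
    head, *rest = [part.strip() for part in value.split(";")]
    if not _DOMAIN.fullmatch(head):
        raise ValueError(f"not a valid issuer-domain-name: {head!r}")
    params = {}
    for item in rest:
        if not item:
            continue
        name, sep, val = item.partition("=")
        if not sep:
            raise ValueError(f"malformed parameter: {item!r}")
        params[name.strip().lower()] = val.strip()
    return head.lower(), params

def discovery_plan(issue_values):
    """Return tiers of ACME directory URLs, most-preferred tier first.

    URLs inside one tier are equally preferred (load-balanced); later tiers
    are fallbacks. Ordering and opt-out semantics are assumptions (see lead-in).
    """
    candidates = []
    for value in issue_values:
        try:
            domain, params = parse_issue_value(value)
            prio = int(params["priority"]) if "priority" in params else None
        except ValueError:
            continue  # skip records that cannot be interpreted safely
        if params.get("discovery", "true").lower() == "false":
            continue
        candidates.append(((prio is None, prio or 0), f"https://{domain}/.well-known/acme"))
    candidates.sort()
    return [[url for _, url in grp] for _, grp in groupby(candidates, key=lambda c: c[0])]
```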
</body>
</html>