[Servercert-wg] Fw: New Version Notification for draft-vanbrouwershaven-acme-auto-discovery-00.txt

Paul van Brouwershaven Paul.vanBrouwershaven at entrust.com
Thu Jul 6 15:21:35 UTC 2023


I just submitted the initial draft for ACME auto-discovery to the ACME working group as discussed during the latest face-to-face meeting at the IETF.

We encourage everyone to provide feedback on the draft and to consider showing their support for this draft within the IETF. Your active participation and endorsement will contribute to the advancement and adoption of this proposal that is needed for the broader adoption of automation through ACME.

Thanks,

Paul

________________________________
From: internet-drafts at ietf.org <internet-drafts at ietf.org>
Sent: Thursday, July 6, 2023 16:39
To: Mike Ounsworth <Mike.Ounsworth at entrust.com>; Paul van Brouwershaven <Paul.vanBrouwershaven at entrust.com>
Subject: [EXTERNAL] New Version Notification for draft-vanbrouwershaven-acme-auto-discovery-00.txt


______________________________________________________________________

A new version of I-D, draft-vanbrouwershaven-acme-auto-discovery-00.txt
has been successfully submitted by Paul van Brouwershaven and posted to the
IETF repository.

Name:           draft-vanbrouwershaven-acme-auto-discovery
Revision:       00
Title:          Auto-discovery mechanism for ACME client configuration
Document date:  2023-07-06
Group:          Individual Submission
Pages:          16
URL:            https://www.ietf.org/archive/id/draft-vanbrouwershaven-acme-auto-discovery-00.txt
Status:         https://datatracker.ietf.org/doc/draft-vanbrouwershaven-acme-auto-discovery/
Html:           https://www.ietf.org/archive/id/draft-vanbrouwershaven-acme-auto-discovery-00.html
Htmlized:       https://datatracker.ietf.org/doc/html/draft-vanbrouwershaven-acme-auto-discovery


Abstract:
   A significant impediment to the widespread adoption of the Automated
   Certificate Management Environment (ACME) [RFC8555] is that ACME
   clients need to be pre-configured with the URL of the ACME server to
   be used.  This often leaves domain owners at the mercy of their
   hosting provider as to which Certification Authorities (CAs) can be
   used.  This specification provides a mechanism to bootstrap ACME
   client configuration from a domain's DNS CAA Resource Record
   [RFC8659], thus giving control of which CA(s) to use back to the
   domain owner.

   Specifically, this document specifies two new extensions to the DNS
   CAA Resource Record: the "discovery" and "priority" parameters.
   Additionally, it registers the URI "/.well-known/acme" at which all
   compliant ACME servers will host their ACME directory object.  By
   retrieving instructions for the ACME client from the authorized
   CA(s), this mechanism allows for the domain owner to configure
   multiple CAs in either load-balanced or fallback prioritizations
   which improves user preferences and increases diversity in
   certificate issuers.




The IETF Secretariat
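
The client-side selection the abstract describes, as an added example that is not part of the original message or of the draft: it parses CAA issue values (RFC 8659 syntax), reads the "discovery" and "priority" parameters, and returns the "/.well-known/acme" directory URLs in the order a client would try them. The parameter value semantics (discovery=false opts a CA out, a lower priority number is tried first, a missing priority sorts last, equal priorities are shuffled) and the sample CA domains are assumptions made for illustration.

```python
import random
from collections import defaultdict

WELL_KNOWN_PATH = "/.well-known/acme"  # URI named in the abstract


def parse_caa_issue(value):
    """Split an RFC 8659 issue value into (issuer domain, {parameter: value})."""
    issuer, *raw_params = [part.strip() for part in value.split(";")]
    params = {}
    for item in raw_params:
        if not item:
            continue
        tag, sep, val = item.partition("=")
        if not sep or not tag.strip():
            # Fail closed: never guess at a parameter that does not parse.
            raise ValueError(f"malformed CAA parameter: {item!r}")
        params[tag.strip().lower()] = val.strip()
    return issuer.lower(), params


def discovery_order(issue_values, rng=random):
    """Return ACME directory URLs in the order a client would try them."""
    tiers = defaultdict(list)
    for value in issue_values:
        issuer, params = parse_caa_issue(value)
        if not issuer:
            continue  # an empty issuer (";") authorises no CA at all
        # Assumption: discovery=false opts a CA out of auto-discovery.
        if params.get("discovery", "true").lower() == "false":
            continue
        # Assumption: lower number is tried first; no priority sorts last.
        raw = params.get("priority")
        priority = int(raw) if raw is not None else float("inf")
        tiers[priority].append(f"https://{issuer}{WELL_KNOWN_PATH}")
    ordered = []
    for priority in sorted(tiers):
        tier = tiers[priority]
        rng.shuffle(tier)  # equal priority: spread load across the tier
        ordered.extend(tier)
    return ordered


# Constructed CAA issue values for a hypothetical domain (not from the draft).
SAMPLE = [
    "ca-b.example; priority=2",
    "ca-a.example; discovery=true; priority=1",
    "ca-c.example; priority=1",
    "ca-manual.example; discovery=false",
]
```

Only issuers named in the domain's own CAA record ever become candidate directory URLs, and a non-numeric priority raises instead of being silently reordered.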



