IETF-95 Proceedings

Introduction  |  Area, Working Goup & BoF Reports  |  Plenaries  |  Training  |  Internet Research Task Force

Automated Certificate Management Environment (acme) (WG)

Minutes   |   Jabber Logs  |   Mailing List Archives

Additional information is available at tools.ietf.org/wg/acme

Chair(s):

Security Area Area Director(s):

Assigned Area Director



Status Update (provided 2016-04-05)

At IETF 95, the group reviewed the issues closed in the creation of -02, then reviewed the open issues in draft-ietf-acme-acme.  Three were explicitly deferred ((#4 #88 #89), and the group agreed to implement pull requests for others (#112, #113, and #114).  Phillip Hallam-Baker proposed a syntactic shift for the current draft, which he will propose as a pull request by April 19th.

The group is hoping to complete version 1 and have a last call prior to IETF 96.

Recordings:

Meeting Slides:

Blue Sheets:

Internet-Drafts:

No Request for Comments

Charter (as of 2015-06-26):

Historically, issuance of certificates for Internet applications
(e.g., web servers) has involved many manual identity validation steps
by the certification authority (CA). The ACME WG will specify
conventions for automated X.509 certificate management, including
validation of control over an identifier, certificate issuance,
certificate renewal, and certificate revocation. The initial focus of
the ACME WG will be on domain name certificates (as used by web
servers), but other uses of certificates can be considered as work
progresses.

ACME certificate management must allow the CA to verify, in an
automated manner, that the party requesting a certificate has authority
over the requested identifiers, including the subject and subject
alternative names. The processing must also confirm that the requesting
party has access to the private key that corresponds to the public key
that will appear in the certificate. All of the processing must be done
in a manner that is compatible with common service deployment
environments, such as hosting environments.

ACME certificate management must, in an automated manner, allow an
authorized party to request revocation of a certificate.

The ACME working group is specifying ways to automate certificate
issuance, validation, revocation and renewal. The ACME working
group is not reviewing or producing certificate policies or
practices.

The starting point for ACME WG discussions shall be draft-barnes-acme.