Minutes IETF115: acme: Thu 15:30
minutes-115-acme-202211101530-00

Meeting Minutes Automated Certificate Management Environment (acme) WG
Date and time 2022-11-10 15:30
State Active
Last updated 2022-11-15

Automated Certificate Management Environment (acme)

IETF 115, Thursday, 10 Nov 2022 1530-1630 UTC, Room: Mezzanine 10-11
(East Wing, First Floor)

Agenda

Note Well, technical difficulties and administrivia (chairs) – 5 min

Document Status (chairs) – 10 min

  • No new RFCs (third meeting in a row).
  • Some recently published drafts.
  • The authority-token draft may be published as an RFC before the
    next meeting.
  • The tnauthlist draft has DISCUSSes open. Jon Peterson notes the
    tnauthlist issues should be resolved in about a month.
  • The acme-integrations draft needs revision following AD evaluation.
  • The acme-subdomains draft is in IETF LC.

Work items

draft-ietf-acme-dtnnodeid-09 (Sipos) - 10 min

  • The -10 version fixed typos and added some clarification regarding
    the experimental nature of the draft.
  • The draft is waiting on an update to the IANA registry for the
    Bundle Protocol (the draft to handle that update is up for DTN WG
    adoption). Brian suggests this draft wait in an approval cluster.
    Roman affirmed the plan to park the draft until the dependency
    progresses (AD follow-up/external review required).

New work

draft-bweeks-acme-device-attest (Weeks) - 10 min

  • Changes since IETF 114: clarifying that verification procedures are
    out of scope.
  • Affirming that a new IANA registry will be created (in tandem with
    a similar draft in LAMPS).
  • All discussion so far has been about wrapping attestation formats.
    Three drafts take a vendor-specific attestation and include it in a
    certificate request or a TLS handshake. The goal is to use the same
    encapsulation format in all of them. The latest TLS draft has moved
    away from that shared format. Yaron notes that the divergence from
    the TLS draft goes beyond format and extends to use cases.
  • Two implementations: iOS/tvOS; step-ca certification authority. They
    are thought to interoperate.
  • Richard Barnes thought the approach in the draft was clear and ready
    for an adoption call. No one voiced an opinion against adoption. A
    call for adoption will be sent to the list.

draft-todo-chariton-dns-account-01 (Omidi, Chariton) - 15 min

  • Antonios gave a summary of the relevant existing mechanism and the
    motivation for the draft (use cases, things to avoid, etc.).
  • The new mechanism is not intended to replace dns-01 but to be an
    additional mechanism alongside it.
  • A summary of the proposed mechanism was provided. The intent is to
    make sure the mechanism works well with the Web PKI, but the Web PKI
    is not the only target.
  • CA/Browser Forum (CA/B Forum) procedures were reviewed to affirm
    compatibility with Web PKI practices. Richard asked if any
    adjustments would be required to align with the CA/B Forum. Antonios
    indicated no changes were necessary. Tim Hollebeek notes he thinks
    there may be some CA/B Forum issues due to the CA/B Forum's
    reference to the ACME RFC. Tim offered to help research and work out
    any issues.
  • Antonios shared some additional resources that may be useful for
    reviewers.
  • Richard Barnes noted he thought the draft was ready for an adoption
    call. Several people indicated they have read the draft. The chair
    asked for more review and comment on the list. No one voiced an
    opinion against adoption. A call for adoption will be sent to the
    list.

AOB - 10 min

No other business.