ACME Challenges Using an Authority Token

The information below is for an old version of the document
Document Type Expired Internet-Draft (acme WG)
Authors Jon Peterson  , Mary Barnes  , David Hancock  , Chris Wendt 
Last updated 2019-09-26 (latest revision 2019-03-25)
Stream Internet Engineering Task Force (IETF)
Expired & archived
pdf htmlized bibtex
Additional Resources
- Mailing list discussion
Stream WG state WG Document (wg milestone: Apr 2020 - TNAuthlist extension... )
Document shepherd No shepherd assigned
IESG IESG state Expired
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


Some proposed extensions to the Automated Certificate Management Environment (ACME) rely on proving eligibility for certificates through consulting an external authority that issues a token according to a particular policy. This document specifies a generic Authority Token challenge for ACME which supports subtype claims for different identifiers or namespaces that can be defined separately for specific applications.


Jon Peterson (
Mary Barnes (
David Hancock (
Chris Wendt (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)