Technical Summary
This document specifies an extension to the Automated Certificate
Management Environment (ACME) protocol which allows an ACME server to
validate the Delay-Tolerant Networking (DTN) Node ID for an ACME
client. The DTN Node ID is encoded as a certificate Subject
Alternative Name (SAN) of type otherName with a name form of
BundleEID and as an ACME Identifier type "bundleEID".
Working Group Summary
This document was developed in support of work in the DTN WG. After WG review, an AD review surfaced an issue with the way in which the DTN ID was represented given the constraints of RFC 5280 (July 2021). This precipitated changes in the DTN specs and a revision of this document. After IETF LC, additional changes were made based on the SECDIR review (Jan 2022) and due to additional developments in DTN (March 2022). Confirmation that these changes had WG consensus was checked during IETF 114 and in another WGLC (Summer 2022).
Document Quality
There aren't any known implementations of this mechanism as of yet.
As the document points out:
| The emergent properties of DTN naming and BP security are still
| being developed and explored, especially between different
| organizational and administrative domains, so the
| "experimental" status of this document is related more to the
| practical utility of this kind of Node ID validation than to
| the validation method itself.
Personnel
Yoav Nir is the document shepherd.
Roman Danyliw is the responsible Area Director.