Richard Barnes, Jacob Hoffman-Andrews, and James Kasten are the authors.
Yoav Nir is the document shepherd. Eric Rescorla is the responsible Area
Certificates in PKI using X.509 (PKIX) are used for a number of
purposes, the most significant of which is the authentication of
domain names. Thus, certificate authorities in the Web PKI are
trusted to verify that an applicant for a certificate legitimately
represents the domain name(s) in the certificate. Today, this
verification is done through a collection of ad hoc mechanisms. This
document describes a protocol that a certification authority (CA) and
an applicant can use to automate the process of verification and
certificate issuance. The protocol also provides facilities for
other certificate management functions, such as certificate
Review and Consensus
This document represents the consensus of the ACME working group. The draft
has been the main document of the group for the last two years, and has been
through WGLC since February 2017.
Much of the discussion since then has been feedback from commercial CAs
about integrating the protocol with their processes. Several of them are now
committed to deploy this protocol following publication.
Most of the session in IETF 99 was devoted to verifying that there are no
more open issues for this draft.
The authors have stated that they do not have any IPR related to this
document, and that they are not aware of any IPR claims made by others about
the content of this document.