
An ACME Profile for Generating Delegated STAR Certificates
draft-ietf-acme-star-delegation-00

The information below is for an old version of the document.
Document Type: Expired Internet-Draft (acme WG)
Authors: Yaron Sheffer, Diego Lopez, Antonio Pastor, Thomas Fossati
Last updated: 2019-06-16 (Latest revision 2018-12-13)
Replaces: draft-sheffer-acme-star-delegation
Stream: Internet Engineering Task Force (IETF)
Reviews: OPSDIR Last Call Review Incomplete, due 2021-03-22
WG state: WG Document
Associated WG milestone: Profile for delegated STAR certificates submitted to IESG (Jan 2021)
Document shepherd: (None)
IESG state: Expired
Consensus boilerplate: Unknown
Telechat date: (None)
Responsible AD: (None)
Send notices to: (None)
This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at:
https://www.ietf.org/archive/id/draft-ietf-acme-star-delegation-00.txt

Abstract

This memo proposes a profile of the ACME protocol that allows the owner of an identifier (e.g., a domain name) to delegate to a third party access to a certificate associated with said identifier. A primary use case is that of a CDN (the third party) terminating TLS sessions on behalf of a content provider (the owner of a domain name). The presented mechanism allows the owner of the identifier to retain control over the delegation and revoke it at any time by cancelling the associated STAR certificate renewal with the ACME CA. Another key property of this mechanism is that it does not require any modification to the deployed TLS ecosystem.

Authors

Yaron Sheffer
Diego Lopez
Antonio Pastor
Thomas Fossati

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)