An ACME Profile for Generating Delegated STAR Certificates
draft-ietf-acme-star-delegation-00
| Document | Type | Expired Internet-Draft (acme WG) | |
|---|---|---|---|
| Authors | Yaron Sheffer , Diego Lopez , Antonio Pastor , Thomas Fossati | ||
| Last updated | 2019-06-16 (Latest revision 2018-12-13) | ||
| Replaces | draft-sheffer-acme-star-delegation | ||
| Stream | Internet Engineering Task Force (IETF) | ||
| Formats |
Expired & archived
plain text
xml
htmlized
pdfized
bibtex
|
||
| Reviews |
GENART Last Call review
(of
-06)
Ready with Nits
SECDIR Last Call review
(of
-06)
Not Ready
OPSDIR Last Call Review
Incomplete, due 2021-03-22
|
||
| Stream | WG state | WG Document | |
| Associated WG milestone |
|
||
| Document shepherd | (None) | ||
| IESG | IESG state | Expired | |
| Consensus boilerplate | Unknown | ||
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
https://www.ietf.org/archive/id/draft-ietf-acme-star-delegation-00.txt
Abstract
This memo proposes a profile of the ACME protocol that allows the owner of an identifier (e.g., a domain name) to delegate to a third party access to a certificate associated with said identifier. A primary use case is that of a CDN (the third party) terminating TLS sessions on behalf of a content provider (the owner of a domain name). The presented mechanism allows the owner of the identifier to retain control over the delegation and revoke it at any time by cancelling the associated STAR certificate renewal with the ACME CA. Another key property of this mechanism is it does not require any modification to the deployed TLS ecosystem.
Authors
Yaron Sheffer
Diego Lopez
Antonio Pastor
Thomas Fossati
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)