Minutes IETF112: acme
minutes-112-acme-00

Meeting Minutes Automated Certificate Management Environment (acme) WG
Date and time 2021-11-11 14:30
Title Minutes IETF112: acme
State Active
Last updated 2021-11-21

# ACME Meeting at IETF 112
Thursday, 11-Nov-2021 at 14:30 UTC

Notes: [notes](https://notes.ietf.org/notes-ietf-112-acme)
MeetEcho: [MeetEcho](https://meetings.conf.meetecho.com/ietf112/?group=acme&short=&item=1)
Jabber: [room](xmpp:acme@jabber.ietf.org?join) ;
[logs](https://jabber.ietf.org/jabber/logs/acme/2021-11-11.html)

## Agenda

* Note Well, technical difficulties and administrivia (chairs) – 5 min
* IETF Code of Conduct (chairs) - 5 min
* Document Status (chairs) – 5 min
* draft-ietf-acme-dtnnodeid-06 (Sipos) - 10 min
* draft-aaron-acme-ari-01 (Gable) - 10 min
* draft-ietf-acme-integrations (Friel, Shekh-Yusef, Richardson) - 10 minutes
* draft-ietf-acme-subdomains (Friel, Barnes, Hollebeek, Richardson) - 10 minutes
* AOB - 5 min

## Notes

### Document Status

* star-delegation draft was published as RFC 9115
* authority-token-07 was posted; now in IETF Last Call
* authority-token-tnauthlist draft saw no changes
* end-user client and code signing draft got two new versions; please review
* authority-token and authority-token-tnauthlist will proceed to the IESG
  telechat together.

### DTN Node ID

* Now using the otherName form of SubjectAltName (BundleEID)
* Portions of earlier versions of this document updated DTN documents; these
  have been moved out to a separate document which is being adopted by the DTN
  WG and is informatively referenced here
* Three known issues (all editorial)
* Will continue to use "DTN Node ID" in the document, just to be clear that the
  document is related to the DTN WG

### ACME ARI Extension

* initial server implementation to Let’s Encrypt’s Staging environment
* renewalInfo URL is now constructable from subscriber certificate:
  -- hex encoding of issuer key hash (SHA-1), issuer name hash (SHA-1), and
     serial
  -- same approach to identify the certificate as used in OCSP
* only uses GET (not POST-as-GET)
* clarified client behavior in various extraordinary circumstances
* polling semantics are "wait X time", but also want a way to say come right
  back; considering changing how polling interval is communicated to client
* considering adding a "renewal has completed" endpoint; would let ACME CA revoke
* authors ask for adoption
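The certificate-derived renewalInfo URL discussed above hinges on the same three values OCSP uses in its CertID (RFC 6960): a SHA-1 hash of the issuer's public key bits, a SHA-1 hash of the DER-encoded issuer Name, and the serial number. The following Go program is an added illustration, not code from the ARI draft or from Let's Encrypt. It builds a throwaway issuer and subscriber certificate with the standard library, computes the three components from the subscriber certificate and its issuer, and joins them under a base URL. The `base/keyhash/namehash/serial` path layout, the `acme.example` host, and the certificate names and serial are assumptions made for this example; the draft defines the real format.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha1"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

// CertID holds the OCSP CertID components (RFC 6960, section 4.1.1),
// hex-encoded as the minutes describe for the ARI renewalInfo URL.
type CertID struct {
	IssuerKeyHash  string // SHA-1 over the issuer's subjectPublicKey BIT STRING
	IssuerNameHash string // SHA-1 over the DER-encoded issuer Name
	Serial         string // big-endian serial number bytes
}

// subjectPublicKeyInfo mirrors the SPKI structure so the raw subjectPublicKey
// BIT STRING can be hashed on its own (OCSP hashes the key bits, not the SPKI).
type subjectPublicKeyInfo struct {
	Algorithm pkix.AlgorithmIdentifier
	PublicKey asn1.BitString
}

// ComputeCertID derives the identifier for cert: the key hash comes from the
// issuer's public key, the name hash from the issuer Name as written in cert.
func ComputeCertID(cert, issuer *x509.Certificate) (CertID, error) {
	var info subjectPublicKeyInfo
	if _, err := asn1.Unmarshal(issuer.RawSubjectPublicKeyInfo, &info); err != nil {
		return CertID{}, fmt.Errorf("parse issuer SPKI: %w", err)
	}
	keyHash := sha1.Sum(info.PublicKey.Bytes)
	nameHash := sha1.Sum(cert.RawIssuer)
	return CertID{
		IssuerKeyHash:  hex.EncodeToString(keyHash[:]),
		IssuerNameHash: hex.EncodeToString(nameHash[:]),
		Serial:         hex.EncodeToString(cert.SerialNumber.Bytes()),
	}, nil
}

// RenewalInfoURL joins the components under the server's renewalInfo base URL.
// The base/keyhash/namehash/serial layout is an assumption for this example.
func RenewalInfoURL(base string, id CertID) string {
	return fmt.Sprintf("%s/%s/%s/%s", base, id.IssuerKeyHash, id.IssuerNameHash, id.Serial)
}

// MakeTestCerts builds a throwaway issuer and subscriber certificate so the
// example runs offline; names and serial are constructed test values.
func MakeTestCerts() (cert, issuer *x509.Certificate, err error) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	now := time.Now()
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Test Issuer"},
		NotBefore: now, NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true,
	}
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	if issuer, err = x509.ParseCertificate(caDER); err != nil {
		return nil, nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(0x1234abcd), Subject: pkix.Name{CommonName: "example.test"},
		DNSNames:  []string{"example.test"},
		NotBefore: now, NotAfter: now.Add(24 * time.Hour),
	}
	leafDER, err := x509.CreateCertificate(rand.Reader, leafTmpl, issuer, &leafKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	if cert, err = x509.ParseCertificate(leafDER); err != nil {
		return nil, nil, err
	}
	return cert, issuer, nil
}

func main() {
	cert, issuer, err := MakeTestCerts()
	if err != nil {
		panic(err)
	}
	id, err := ComputeCertID(cert, issuer)
	if err != nil {
		panic(err)
	}
	fmt.Println(RenewalInfoURL("https://acme.example/renewalInfo", id))
}
```

Two details matter for interoperability with OCSP-style identification: the name hash is taken over the issuer Name bytes exactly as they appear in the subscriber certificate (not re-encoded from a parsed Name), and the key hash covers only the subjectPublicKey BIT STRING contents, not the whole SubjectPublicKeyInfo. SHA-1 here serves as a fixed-width identifier, as in OCSP, not as a security property of the certificate.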

### ACME Integrations

* address RFC7030 CSR Attributes gap by reference to
  draft-richardson-lamps-rfc7030-csrattrs
  -- this document is blocked until the LAMPS document is done, but the rest of
     it can be reviewed now
* now uses RFC 8499 “DNS Terminology”

### ACME Subdomains

* Adopted by WG
* Terminology additions: Included RFC 8499 “DNS Terminology” definitions; will
  change JSON field names for alignment
* please review; getting close to done

### AOB

* possible future work on an ACME mechanism for single-use code signing
certificates

### Charter Milestone Review

* all of the milestones are in the past
  -- DTN Node ID -- December 2021
  -- Subdomain -- March 2022
  -- Integration -- March 2022
  -- Code Signing -- July 2022