
List:       cryptography
Subject:    Re: [Cryptography] Apple's 13-month certificate policy
From:       Phillip Hallam-Baker <phill () hallambaker ! com>
Date:       2020-02-24 3:28:23
Message-ID: CAMm+Lwj9aEeAoi+YJeCD+aXE9=K3dAmT3dSFO2fz35yWTwR3aw () mail ! gmail ! com

On Sun, Feb 23, 2020 at 7:55 PM Salz, Rich via cryptography <
cryptography@metzdowd.com> wrote:

> > ACME works great for Let's Encrypt, but I expect it'll work less great
> > for CAs that want people to pay.
>
> At least one for-pay commercial CA has announced support for ACME.
>
> The protocol has workflow to support payment FWIW.
>

Yes, it does have the payment flow.

But the reason the commercial CAs weren't leaping to do ACME was they had
all solved the problem years ago and have their own APIs and some are
integrated into the likes of cPanel. So a standard for automated issue for
the bulk of certs was never really a priority.




_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
https://www.metzdowd.com/mailman/listinfo/cryptography

