All,
This update adds discussion of default host names, secure network connection (802.1X/EAP-TLS), and manual certificate approvals. The changes take a step back from completely automatic certificate issuance and implied trust for IoT devices while retaining the completely-local management and automated renewal capabilities of a local ACME server and the scalability from small residential/home networks with just mDNS through large enterprise networks with a DNS server/domain.
> Begin forwarded message:
>> From: internet-drafts at ietf.org> Subject: New Version Notification for draft-sweet-iot-acme-07.txt
> Date: February 7, 2025 at 3:03:39 PM EST
> To: "Michael Sweet" <msweet at msweet.org>
>> A new version of Internet-Draft draft-sweet-iot-acme-07.txt has been
> successfully submitted by Michael Sweet and posted to the
> IETF repository.
>> Name: draft-sweet-iot-acme
> Revision: 07
> Title: ACME-Based Provisioning of IoT Devices
> Date: 2025-02-07
> Group: Individual Submission
> Pages: 16
> URL: https://www.ietf.org/archive/id/draft-sweet-iot-acme-07.txt> Status: https://datatracker.ietf.org/doc/draft-sweet-iot-acme/> HTML: https://www.ietf.org/archive/id/draft-sweet-iot-acme-07.html> HTMLized: https://datatracker.ietf.org/doc/html/draft-sweet-iot-acme> Diff: https://author-tools.ietf.org/iddiff?url2=draft-sweet-iot-acme-07>> Abstract:
>> This document extends the Automatic Certificate Management
> Environment (ACME) to provision X.509 certificates for local Internet
> of Things (IoT) devices that are accepted by existing web browsers
> and other software running on End User client devices.
>>>> The IETF Secretariat
>>
________________________
Michael Sweet
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pwg.org/pipermail/ipp/attachments/20250207/0648f625/attachment.html>