CAcert Code Development list.

[Bernhard Fröhlich <bernhard AT cacert.org>]

Hi Frederic, hi everyone else,

I created a new issue https://bugs.cacert.org/view.php?id=1464 on the 
bugtracker.

Though I did not go into any details yet, I have the feeling that this 
(or maybe a similar protocol) would be very sensible extension for 
CAcert. If we want to strengthen the Org assurance, having a sample 
scenario for automatic renewing/re-issuing of certificates would surely 
be a "selling point".

When I find a bit of time I'll try to work through the RFC, and of 
course everyone else is invited to have a look, and record findings with 
the bugtracker case.

Kind regards
Ted
;)


Am 02.08.2019 um 11:27 schrieb Frederic Dumas:
> Hello !
>
> ACME protocol. Looks like a cartoon's name. If I am right, it comes 
> from Let's Encrypt. It makes possible for web servers and appliances 
> to get their renewed SSL certificates, without the admin doing it 
> manually. Likely you know already about it.
>
> > Certbot is a tool built by EFF to help encrypt the Internet by 
> > installing SSL/TLS certificates for free. Previously known as the 
> > “Let’s Encrypt client”, Certbot will work with any certificate 
> > authorities that support the ACME protocol.
>
> How much work would it require from you guys to add the corresponding 
> ACME API to the CAcert web app? Would such an API comply with our 
> existing Policies ? Does a tool as Certbot delivers a true benefit for 
> the end user in other scenarios than the typical Let's Encrypt 90 days 
> validity period of time?
>
> Just looking at possible companion tools making the end user life 
> easier with our own solution.
>
>
> Regards,
>
> Frédéric.
>
> --
> Frédéric Dumas
> f.dumas AT ellis.siteparc.fr

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature