  1. EJBCA
  2. ECA-7082

Implement support for tls-alpn-01

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Minor
    • Resolution: Won't Do
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Issue discovered during: Ad Hoc

      Description

      From the CA/B forum mailing list:

      Let’s Encrypt has deployed an implementation[0] of the draft-ietf-acme-tls-alpn-01[1] validation method in their staging environment[2]. This is a CAB/F BR 3.2.2.4.10 method which uses ALPN and a specially constructed certificate to validate domain control. They believe that this method resolves the major issues that were discovered with the TLS-SNI based methods while still allowing validation purely at the TLS layer.

      [0] https://github.com/letsencrypt/boulder/blob/2dadd5e09a8228342aa86e8fa4c8d887a82aa4ac/va/va.go#L701-L768
      [1] https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-01
      [2] https://acme-staging.api.letsencrypt.org/

              People

              Assignee:
              Unassigned
              Reporter:
              bastianf Bastian Fredriksson
              Votes: 0
              Watchers: 3

                  Time Tracking

                  Estimated: 1 week
                  Remaining: 1 week
                  Logged: Not Specified