ACME RFC with a hash of the account_uri?

I recall reading about a proposed RFC a while back that utilized a hash of the account URI. Does anyone recall which RFC that was?

I've compiled a list of ACME RFCs below. If there are any omissions, let me know and I will edit this posting. I could not find any resource that listed them all – so I had to use the IETF site, search engines and this discourse. I am certain I missed some; I definitely missed the one with the account hash.

List of ACME RFCs

Implemented by Let's Encrypt

RFC 8555: Automatic Certificate Management Environment (ACME)

RFC 8657: Certification Authority Authorization (CAA) Record Extensions for Account URI and ACME Method Binding

RFC 8737: ACME TLS Application-Layer Protocol Negotiation (ALPN) Challenge Extension

draft-ietf-acme-ari-08: Automated Certificate Management Environment (ACME) Renewal Information (ARI) Extension

draft-aaron-acme-profiles-00: Automated Certificate Management Environment (ACME) Profiles Extension

Not Implemented / Unknown

RFC 8823: Extensions to Automatic Certificate Management Environment for End-User S/MIME Certificates

RFC 8738: ACME IP Identifier Validation Extension

RFC 9115: An ACME Profile for Generating Delegated Certificates

RFC 9444: Automated Certificate Management Environment (ACME) for Subdomains

RFC 9447: ACME Challenges Using an Authority Token

RFC 9448: TNAuthList Profile of ACME Authority Token Challenges

3 Likes

I think this page lists the documents related to the IETF ACME group:

I think you might be thinking of the dns-account-label draft?

7 Likes

The proposed dns-account-01 challenge hashes the account URL:

(Edit: @petercooperjr beat me to it)

7 Likes

That's it, thanks!

I didn't think of looking through the Working Group. I kept getting search engine hits to earlier drafts that had not yet been submitted.

6 Likes

Did anyone else implement Authority Token and Authority Token Challenges? I did a while ago for STIR/SHAKEN certs but it's not clear if anyone really uses them.

1 Like

Not me. Tangent: I think we need to build a community matrix document of which Public CAs and Private CA Software support which specs. There is so much variance on this.

6 Likes
