Let's Encrypt and Boulder Implementation Questions


#1

Hi All

I have a few questions about Let's Encrypt and Boulder. I have worked my way through some of the ACME protocol and some of Boulder and have a few questions, so I am hoping some people can assist.

A) JWA lists several algorithm types (https://www.rfc-editor.org/rfc/rfc7518.txt section 3.1). Does Boulder support elliptic curve based keys for account authentication? How many of the algs listed are able to be used with Let's Encrypt?

B) ACME describes several required REST resources. Does Let's Encrypt support API calls outside of what ACME describes, and if so, where are these REST methods documented? For example, can a user get a list of all certificates they have successfully been able to get issued?

C) Does Let's Encrypt have the ability to utilise and parse elliptic curve based CSR requests?

D) Does Let's Encrypt support out-of-band validation? I noticed it's a fairly new method (version 03) of the standard, but it could simplify things with certificate validation.


#2

A: yes, see the following pull request: https://github.com/letsencrypt/boulder/pull/1357 Perhaps you can find the accepted algorithms/curves in the same PR.
C: yes, see the following pull request: https://github.com/letsencrypt/boulder/pull/1298


#3

B) - see https://tools.ietf.org/html/draft-ietf-acme-acme-03 (along with the divergences below in answer to D)

D) - no - see https://github.com/letsencrypt/boulder/blob/master/docs/acme-divergences.md


#4

thank you both

knew someone had the answers :smiley:


#5

account key EC Algorithms supports the 3 recommended EC Algorithms

```go
case *ecdsa.PublicKey:
	switch k.Params().Name {
	case "P-256":
		return string(jose.ES256), nil
	case "P-384":
		return string(jose.ES384), nil
	case "P-521":
		return string(jose.ES512), nil
	}
```
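Added example, not part of the thread and not Boulder's own code: one way a server can bind the JWS `alg` to the account key's curve, so a request cannot choose its own algorithm, and then verify the raw R||S signature defined in RFC 7518 section 3.4. The names `algFor` and `VerifyES`, the sample input and the throwaway key are assumptions made for the illustration.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	_ "crypto/sha256" // registers crypto.SHA256
	"crypto/sha512"
	"fmt"
	"math/big"
)

// algFor returns the one JWS alg and hash that fit the key's curve; alg is "" for any other curve.
func algFor(pub *ecdsa.PublicKey) (string, crypto.Hash) {
	switch pub.Params().Name {
	case "P-256":
		return "ES256", crypto.SHA256
	case "P-384":
		return "ES384", crypto.SHA384
	case "P-521":
		return "ES512", crypto.SHA512 // the alg name follows the hash, not the curve size
	}
	return "", 0
}

// VerifyES rejects a header alg or signature size that does not fit the key, then verifies R||S.
func VerifyES(pub *ecdsa.PublicKey, headerAlg string, input, sig []byte) error {
	alg, hash := algFor(pub)
	n := (pub.Params().BitSize + 7) / 8 // octets per integer: 32, 48 or 66
	if alg == "" || headerAlg != alg || len(sig) != 2*n {
		return fmt.Errorf("alg %q or %d-octet signature does not fit a %s key", headerAlg, len(sig), pub.Params().Name)
	}
	h := hash.New()
	h.Write(input)
	r, s := new(big.Int).SetBytes(sig[:n]), new(big.Int).SetBytes(sig[n:])
	if !ecdsa.Verify(pub, h.Sum(nil), r, s) {
		return fmt.Errorf("signature does not verify")
	}
	return nil
}

func main() { // constructed sample: throwaway P-384 key; keygen and signing errors ignored in this demo
	key, _ := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
	input := []byte("hdr.payload")
	d := sha512.Sum384(input)
	r, s, _ := ecdsa.Sign(rand.Reader, key, d[:])
	sig := append(r.FillBytes(make([]byte, 48)), s.FillBytes(make([]byte, 48))...)
	fmt.Println(VerifyES(&key.PublicKey, "ES384", input, sig), VerifyES(&key.PublicKey, "ES256", input, sig))
}
```

The first call prints `<nil>`; the second is refused before any signature math runs, because the header names an algorithm the P-384 key cannot use.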
