Automated Certificate Management Environment

The Automated Certificate Management Environment (ACME) protocol is a communications protocol for automating interactions between certificate authorities and their users' web servers, allowing the automated deployment of public key infrastructure at very low cost.^[1]^[2] It was designed by the Internet Security Research Group for their Let's Encrypt service.^[1]

The protocol, based on passing JSON-formatted messages over HTTPS,^[2]^[3] has been published as an Internet-Draft.^[4]

The Internet Security Research Group provides reference open source software implementations for ACME: letsencrypt is a Python-based implementation of server certificate management software using the ACME protocol,^[5] and boulder is a CA implementation, written in the Go programming language.^[6]

References

1 2 Steven J. Vaughan-Nichols (9 April 2015). "Securing the web once and for all: The Let's Encrypt Project". ZDNet.
1 2 "letsencrypt/acme-spec". github.com. Retrieved 2014-11-20.
↑ Chris Brook (18 November 2014). "EFF, Others Plan to Make Encrypting the Web Easier in 2015". ThreatPost.
↑ R. Barnes, P. Eckersley, S. Schoen, A. Halderman, J. Kasten (January 28, 2015). "Automatic Certificate Management Environment (ACME) draft-barnes-acme-01".
↑ "letsencrypt/letsencrypt". github.com. Retrieved 2015-12-11.
↑ "letsencrypt/boulder". github.com. Retrieved 2015-06-22.

TLS and SSL

Protocols and technologies

Transport Layer Security / Secure Sockets Layer (TLS/SSL)
Datagram Transport Layer Security (DTLS)
DNS Certification Authority Authorization (CAA)
DNS-based Authentication of Named Entities (DANE)
HTTPS
HTTP Public Key Pinning (HPKP)
HTTP Strict Transport Security (HSTS)
OCSP stapling
Perfect forward secrecy
Server Name Indication (SNI)
STARTTLS

Public-key infrastructure

Automated Certificate Management Environment (ACME)
Certificate authority (CA)
CA/Browser Forum
Certificate policy
Certificate revocation list (CRL)
Domain-validated certificate (DV)
Extended Validation Certificate (EV)
Online Certificate Status Protocol (OCSP)
Organization-validated certificate (OV)
Public key certificate
Public-key cryptography
Public key infrastructure (PKI)
Root certificate
Self-signed certificate

See also

Domain Name System Security Extensions (DNSSEC)
Internet Protocol Security (IPsec)
Secure Shell (SSH)

History

Implementations

Notaries

Vulnerabilities

Theory	Man-in-the-middle attack Padding oracle attack Lucky Thirteen attack

Cipher	Bar mitzvah attack

Protocol	BEAST BREACH CRIME Logjam POODLE (in regards to SSL 3.0)

Implementation	Certificate authority compromise Random number generator attacks FREAK goto fail Heartbleed POODLE (in regards to TLS 1.0)

This article is issued from Wikipedia - version of the Saturday, December 12, 2015. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.