tailscale / tailscale

The easiest, most secure way to use WireGuard and 2FA.
https://tailscale.com
BSD 3-Clause "New" or "Revised" License

ipn/ipnlocal: unfork golang.org/x/crypto/acme #10238

Open awly opened 7 months ago

awly commented 7 months ago

While https://datatracker.ietf.org/doc/draft-ietf-acme-ari/ is in draft state, upstream golang.org/x/crypto/acme is unlikely to merge support for it. We have ARI implemented on our fork: https://github.com/tailscale/golang-x-crypto/commit/f0b76a10a08e5ae339838273506f59b90e071559

Once the RFC is finalized, we should upstream our implementation and unfork.

Related: https://github.com/tailscale/tailscale/issues/8593

cc @noncombatant @bradfitz @samlinville
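The draft linked above (ACME Renewal Information, ARI) lets a CA tell a client the window in which it would like a certificate renewed. What follows is an added illustration of the client-side half of that, written for this page; it is not code from the Tailscale fork or from golang.org/x/crypto/acme. It assumes the `suggestedWindow` / `start` / `end` JSON field names used by the draft at the time of writing, and the sample response body is constructed.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"math/rand"
	"time"
)

// RenewalInfo mirrors the renewalInfo response body described in
// draft-ietf-acme-ari. Assumption: field names follow the draft as of
// this writing; check the linked draft for the current shape.
type RenewalInfo struct {
	SuggestedWindow struct {
		Start time.Time `json:"start"`
		End   time.Time `json:"end"`
	} `json:"suggestedWindow"`
	ExplanationURL string `json:"explanationURL,omitempty"`
}

// ParseRenewalInfo decodes a renewalInfo JSON body and rejects windows that
// are missing, empty or reversed, so a malformed server response cannot push
// the client into a nonsensical renewal schedule.
func ParseRenewalInfo(body []byte) (RenewalInfo, error) {
	var ri RenewalInfo
	if err := json.Unmarshal(body, &ri); err != nil {
		return ri, fmt.Errorf("ari: decode: %w", err)
	}
	if ri.SuggestedWindow.Start.IsZero() || ri.SuggestedWindow.End.IsZero() {
		return ri, errors.New("ari: suggestedWindow missing start or end")
	}
	if !ri.SuggestedWindow.End.After(ri.SuggestedWindow.Start) {
		return ri, errors.New("ari: suggestedWindow end is not after start")
	}
	return ri, nil
}

// PickRenewalTime chooses when to renew given the server's window. The draft
// asks clients to pick a uniformly random instant inside the window so that a
// fleet of clients does not all hit the CA at the same moment. If part of the
// window is already in the past, only the remaining part is used; if the whole
// window has passed (for example the CA wants the cert replaced promptly after
// an incident), renew right away.
func PickRenewalTime(ri RenewalInfo, now time.Time, r *rand.Rand) time.Time {
	start, end := ri.SuggestedWindow.Start, ri.SuggestedWindow.End
	if !now.Before(end) {
		return now
	}
	if now.After(start) {
		start = now
	}
	span := end.Sub(start)
	if span <= 0 {
		return start
	}
	return start.Add(time.Duration(r.Int63n(int64(span))))
}

func main() {
	// Constructed sample body; not a real CA response.
	body := []byte(`{"suggestedWindow":{"start":"2024-01-10T00:00:00Z","end":"2024-01-12T00:00:00Z"}}`)
	ri, err := ParseRenewalInfo(body)
	if err != nil {
		panic(err)
	}
	now := time.Date(2024, 1, 9, 0, 0, 0, 0, time.UTC)
	when := PickRenewalTime(ri, now, rand.New(rand.NewSource(1)))
	fmt.Println("renew at", when.Format(time.RFC3339))
}
```

A real client would fetch the body from the `renewalInfo` endpoint advertised in the CA's directory and re-poll it periodically, since the window can move; the two functions above are the pieces worth unit-testing regardless of which HTTP layer (upstream or forked) does the fetching.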

bradfitz commented 4 months ago

Unlike x/crypto/ssh, at least x/crypto/acme doesn't have any dependencies on internal packages within x/crypto. So we could fork just acme without taking along all of x/crypto for the ride. (like we could make github.com/tailscale/acme that's a fork of x/crypto but in the fork git rm -rf all the other directories so they're impossible to use from our code ...)

If that makes folks feel more warm & fuzzy, not having as much forked crypto.