On Wed, May 13, 2015 at 3:46 PM, Randy Bush <[email protected]> wrote: > > The current charter language about certificate revocation could be > > interpreted as raising the bar too high. I suggest that we can keep > > it simple. > > > > OLD: > > > > ACME certificate management must, in an automated manner, allow a > > party that has previously requested a certificate to subsequently > > request revocation of that certificate. > > > > NEW: > > > > ACME certificate management must, in an automated manner, allow an > > authorized party to request revocation of a certificate. > > /me likes simple, and this revision > > I'm not sure this is actually the same requirement. The initial aim was for ACME to provide something like an "apt-get install" level of simplicity; I read this as something like an "apt-get revoke" equivalent. I think
"allow an authorized party to request revocation" may be a larger set than then site admin envisioned in the first--it sort of depends on who the "authorized party" is. How about: "ACME certificate management must provide automated methods for revocation parallel to those use to request a certificate"? These all pretty small tweaks, though. Ted > randy > > _______________________________________________ > Acme mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/acme >
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
