Hello John and Robert (authors), I just read your document. I am not an certificate expert. But I would like to share my gut feeling with the authors.
First, I think it is good to enrich the use cases where requirements are generated. This draft is the only new draft by now (besides draft-barnes-), and the authors are doing a very useful work. Second, from the technical point, I do not think a new https server needs to download the certificate from the CA. As the certificate is public accessible, so IMO the new https server only needs to get it from the existing https server. But what makes sense to me is that, the domain owner (existing https server) might need to request certificates that has restrictions (e.g. for the CDN use case). Best Regards! -Haibin Song _______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
