On Mon, Apr 25, 2016 at 03:34:13PM -0700, Jacob Hoffman-Andrews wrote:
> > It seems what we'd really want for that is the ability to query for
> > all current authorisations and to be able to revoke them even if you
> > aren't in possession of the account key that obtained them (but are in
> > possession of the key which most recently performed authz).
>
> Another way to achieve this: We could specify that getting a new
> authorization for a domain invalidates all previous authorizations for
> that domain. That way, if your account key is compromised, you create a
> new key and re-authorize all the domains you previously had. This has
> the advantage of not requiring any new operations.
I thought I recalled somebody making a case for why having multiple keys authorised was useful to them, but yes, this is simpler and would work for me. It would 'simplify' the key roll-over problem too :) since that would then just become this on a "last key to authz wins" basis. Which seems about right: whoever controls the name (whether they gained it through legitimate transfer, regained it after some compromise, or otherwise) can obtain DV certs through ACME or traditional CA methods.

That would just leave us wanting a way to also revoke certs that might have been issued to an illegitimate key. But given the lag that OCSP has, it might be reasonable to just auto-kill those too, since with reasonable automation even a 'normal' key roll-over can probably get new certs deployed before OCSP starts flagging old ones as revoked.

_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
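The "last key to authz wins" model discussed above, as an added illustrative Python model of the server-side state (not Let's Encrypt's, Boulder's or any real ACME implementation's code). Account keys are plain string identifiers, and the hypothetical auto_revoke switch stands in for the "auto-kill issued certs too" option raised in the reply.

```python
from dataclasses import dataclass


@dataclass
class Authorization:
    account_key: str   # identifier of the ACME account key that completed the challenge
    domain: str
    valid: bool = True


@dataclass
class Certificate:
    serial: int
    domain: str
    authz: Authorization  # the authorization the certificate was issued under
    revoked: bool = False


class AuthzStore:
    """Hypothetical CA-side state: a new authorization for a domain
    invalidates every earlier authorization for that domain and, when
    auto_revoke is set, revokes certificates issued under them."""

    def __init__(self, auto_revoke: bool = True):
        self.authzs: list[Authorization] = []
        self.certs: list[Certificate] = []
        self.auto_revoke = auto_revoke
        self._next_serial = 1

    def authorize(self, account_key: str, domain: str) -> Authorization:
        # Invalidate prior authz for this domain regardless of which key held it;
        # a plain key roll-over therefore looks the same as recovery from compromise.
        for old in self.authzs:
            if old.domain == domain and old.valid:
                old.valid = False
                if self.auto_revoke:
                    for cert in self.certs:
                        if cert.authz is old and not cert.revoked:
                            cert.revoked = True
        authz = Authorization(account_key, domain)
        self.authzs.append(authz)
        return authz

    def issue(self, account_key: str, domain: str) -> Certificate:
        # Issuance requires a currently valid authorization held by this key.
        authz = next((a for a in self.authzs if a.domain == domain
                      and a.valid and a.account_key == account_key), None)
        if authz is None:
            raise PermissionError(f"{account_key} has no valid authz for {domain}")
        cert = Certificate(self._next_serial, domain, authz)
        self._next_serial += 1
        self.certs.append(cert)
        return cert

    def keys_authorized_for(self, domain: str) -> set[str]:
        return {a.account_key for a in self.authzs if a.domain == domain and a.valid}
```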
