On 04/25/2016 05:03 PM, Ron wrote:
> That would just leave us wanting a way to also revoke certs that might
> have been issued to an illegitimate key. But given the lag that OCSP
> has, it might be reasonable to just auto-kill those too, since with
> reasonable automation even a 'normal' key roll-over can probably get
> new certs deployed before OCSP starts flagging old ones as revoked.

I don't think authorizing under a new account key should revoke old certs. I think in general we want revocation to be an intentional action, or we risk people accidentally taking their own site down.
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
