I think we are slowly but surely getting into the weeds on this one.

When we talk about "CDN revocation" (for lack of a better term), we mean
that after a certain date, the owner of the content:

- Does not want the CDN, or a rogue employee of the CDN, to present the
content as an authoritative source. If the user sees a big browser
warning, that would *not* look authoritative.
- Does not want the CDN to be able to MITM the site for more sensitive
traffic, such as POST messages that contain user passwords.

Short-term certs would handle this use case just fine.

And as a content owner, it's really nice to be able to leave a CDN whenever
I want to, without having to rely on it to keep my secrets for a few
more years while we no longer have a business relationship.

Thanks,
Yaron
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme