When we allow the issued certificate to revoke itself, this has major
implications, in particular for delegated certificates. But even for
regular certs, it is the account's private key that's more secure (it is
managed by the security personnel where such exist, it is not deployed
on multiple servers) and that is the certificate that should be
preferred for revocation. So I suggest using MAY for revocation by the
issued certificate's private key, instead of SHOULD.
Also, including the actual certificate in the request means that the CA
needs to perform multiple preliminary checks that would not be required
if the client sent the certificate URL (or its serial number). The CA
MUST parse the certificate, MUST validate it, MUST ensure that it was
issued by the current CA, and then MUST identify it in its database of
issued certs. More complexity, more opportunities for security holes.
Thanks,
Yaron
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
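To make the CA-side cost described in the message concrete, here is an added Go illustration of the preliminary checks a CA has to run when the revocation request carries the whole certificate (parse, validate, confirm it was signed by this CA, then find it in the issued-certificate database), next to the single lookup needed when the client sends just the serial. This is not code from the draft, from this thread, or from any ACME implementation; the issuedDB map, the serial 4242, the CA names and the example.test subject are all constructed here, and the CA keys are generated at run time.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// issuedDB stands in for the CA's database of issued certificates, keyed by
// serial number in hex. Hypothetical; not the schema of any real ACME CA.
type issuedDB map[string]bool

// checkRevocationRequest performs the preliminary checks the message lists
// for a revocation request that carries the whole certificate: parse it,
// check its validity period, verify that this CA signed it, and locate it in
// the issued-certificate database. It returns the serial (hex) on success.
func checkRevocationRequest(certDER []byte, issuer *x509.Certificate, db issuedDB) (string, error) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return "", fmt.Errorf("parse: %w", err)
	}
	now := time.Now()
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return "", errors.New("certificate outside its validity period")
	}
	// CheckSignatureFrom verifies the signature with the issuer's public key and
	// that the issuer is a CA: this is "ensure it was issued by the current CA".
	if err := cert.CheckSignatureFrom(issuer); err != nil {
		return "", fmt.Errorf("not issued by this CA: %w", err)
	}
	serial := cert.SerialNumber.Text(16)
	if !db[serial] {
		return "", errors.New("serial not found in issued-certificate database")
	}
	return serial, nil
}

// lookupBySerial is the cheaper path the message argues for: the client sends
// only the serial number and the CA does a single database lookup.
func lookupBySerial(serialHex string, db issuedDB) error {
	if !db[serialHex] {
		return errors.New("serial not found in issued-certificate database")
	}
	return nil
}

// newCert generates a fresh P-256 key and has parentKey sign tmpl; a nil
// parentKey means self-signed. Constructed test material, not real CA data.
func newCert(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) ([]byte, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if parentKey == nil {
		parentKey = key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	return der, key, err
}

// fixture bundles the constructed material: our CA, a leaf it issued, and a
// leaf with the same serial issued by a different CA.
type fixture struct {
	issuer     *x509.Certificate
	leafDER    []byte
	foreignDER []byte
	db         issuedDB
}

func buildFixture() (*fixture, error) {
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(4242), Subject: pkix.Name{CommonName: "example.test"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature,
	}
	f := &fixture{db: issuedDB{leafTmpl.SerialNumber.Text(16): true}}
	for i, name := range []string{"Our ACME CA (constructed)", "Some other CA (constructed)"} {
		caTmpl := &x509.Certificate{
			SerialNumber: big.NewInt(int64(i + 1)), Subject: pkix.Name{CommonName: name},
			NotBefore: leafTmpl.NotBefore, NotAfter: leafTmpl.NotAfter,
			IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
		}
		caDER, caKey, err := newCert(caTmpl, caTmpl, nil) // self-signed CA
		if err != nil {
			return nil, err
		}
		ca, err := x509.ParseCertificate(caDER)
		if err != nil {
			return nil, err
		}
		leafDER, _, err := newCert(leafTmpl, ca, caKey)
		if err != nil {
			return nil, err
		}
		if i == 0 {
			f.issuer, f.leafDER = ca, leafDER
		} else {
			f.foreignDER = leafDER // same serial, signed by the other CA
		}
	}
	return f, nil
}
```

The fixture deliberately issues a second certificate with the same serial from a different CA: a database lookup alone would accept it, so the signature check against the issuer is the step that actually establishes "issued by the current CA", and it is exactly the step (along with parsing untrusted DER) that a serial-only request spares the CA.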