FWIW, I previously expressed support for proactive issuance because I thought it would lay the groundwork for a better renewal process, especially for short-lived certificates. However, this idea never gained traction and the other necessary bits weren't added. Instead, STAR seems to be handling this use case.
Therefore, I no longer see a compelling reason for proactive issuance. If it's causing problems it should be removed. I also agree with Roland that issuing upon an unauthenticated GET request is a bad idea. Regards, Andrew _______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
