I'm working on adding an ARI client to a certificate monitoring service to notify users when one of their certificates is scheduled to be revoked. Unfortunately, ARI doesn't currently convey whether the suggestedWindow is mandatory (because the certificate is going to be revoked) or merely advisory.
I had previously thought that an end time that was earlier than the certificate's expiration would indicate an upcoming revocation, but it appears that Let's Encrypt's ARI endpoint routinely specifies an end time that is ~30 days earlier than the certificate's expiration.

I propose that the renewalInfo object contain a nullable field called revocationTime which specifies the time the certificate is going to be revoked, if applicable.

Regards,
Andrew
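The ambiguity described in the message, as an added example that is not part of the original post: a monitoring client's classification logic, run against two constructed renewalInfo objects. `revocationTime` is the field proposed above and is not part of ARI today; the function names, timestamps and the sample certificate expiry are assumptions made for illustration.

```python
import json
from datetime import datetime

def parse_ts(value):
    """Parse an RFC 3339 timestamp such as 2025-03-01T00:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def window_heuristic(info, not_after):
    """The abandoned guess: a window ending before notAfter means revocation."""
    return parse_ts(info["suggestedWindow"]["end"]) < not_after

def classify(info):
    """Return (status, deadline) using the proposed revocationTime field."""
    window = info["suggestedWindow"]
    start, end = parse_ts(window["start"]), parse_ts(window["end"])
    if end < start:
        raise ValueError("suggestedWindow.end precedes suggestedWindow.start")
    # Proposed field, not part of ARI today: absent or null means no revocation.
    revocation = info.get("revocationTime")
    if revocation is None:
        return "advisory", end
    return "revocation-scheduled", parse_ts(revocation)

# Constructed sample data: a certificate expiring 2025-06-01.
NOT_AFTER = parse_ts("2025-06-01T00:00:00Z")
# Routine renewal: the window ends 30 days before expiry, no revocation planned.
ROUTINE = json.loads("""{
  "suggestedWindow": {"start": "2025-04-30T00:00:00Z", "end": "2025-05-02T00:00:00Z"},
  "revocationTime": null
}""")
# Mandatory renewal: the certificate is scheduled to be revoked.
REVOKING = json.loads("""{
  "suggestedWindow": {"start": "2025-03-10T00:00:00Z", "end": "2025-03-11T00:00:00Z"},
  "revocationTime": "2025-03-12T00:00:00Z"
}""")

if __name__ == "__main__":
    for name, info in (("routine", ROUTINE), ("revoking", REVOKING)):
        print(name, window_heuristic(info, NOT_AFTER), classify(info))
```

The window-based heuristic flags both samples, so it cannot separate a routine renewal from a scheduled revocation; only the explicit field does.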
