On Wed, 22 Mar 2023 14:16:40 -0700 Aaron Gable <[email protected]> wrote:
> I'm not totally sold on the utility of including extra information in > the ARI response, if that extra information will not modify client > behavior. If the purpose is to modify human behavior, then I believe > the current explanationURL is sufficient. Adding a machine-readable > problem document that would only be read by machines that are not > part of the ACME client/server relationship feels odd to me. There are a lot of ACME implementations and deployments and it will take a long time for them to all support ARI. If monitoring programs could alert operators that they need to urgently trigger a renewal, it would help reduce the impact of mass revocation events, which was a major motivation for ARI. Consumption by monitoring programs was the reason for constructing the ARI URL from the issuer and serial number. However, ARI is not useful for monitoring programs without an indication of whether the renewal window is due to revocation. Regards, Andrew _______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
