Re: [Acme] ARI: Indication if certificate will be revoked

2023-03-23 Thread J.C. Jones
This might be a little orthogonal, but what about the signal being some manner of "last updated" or "last modified" time for the ARI response itself? Generally that could be the issuance time of the certificate. That doesn't even have to be a field in the response document, we could utilize the

Re: [Acme] Renewal Information extension: Proposal to add an Explanation URL

2022-02-14 Thread J.C. Jones
> is given? The current ARI proposal looks identical to the ACME client no matter if it is a regular scheduled renewal, or an exceptional renewal, which makes it harder to introduce bugs in the ACME clients for the exceptional case.
>
> On Thu, 10 Feb 2022 at 05:38, J.C.

[Acme] Renewal Information extension: Proposal to add an Explanation URL

2022-02-09 Thread J.C. Jones
While ARI is clearly intended for automated usage, its ease of construction permits interested third parties with knowledge of a certificate to request the ARI information as well as the certificate's subscriber. This is a feature, not a bug, as it permits another useful use case: Imagine a

Re: [Acme] Add a special token parameter in ACME registration

2016-08-15 Thread J.C. Jones
Hi Andy, I'm not sure I follow exactly what the format of this token would be, or what message(s) in the protocol you'd like to add it to. Perhaps you can make some specific recommendations - even if they're tentative examples - for the WG to look at and reason through? Thanks! J.C. On Sun, Aug

Re: [Acme] Exposed rate limits

2016-03-21 Thread J.C. Jones
On Mon, Mar 21, 2016 at 3:45 PM, Niklas Keller wrote:
> Will it be possible to standardize all names? Other CAs may use other rate limits. So should `RateLimit-Name` be a code or a human readable message?
My guess is that getting an exhaustive list of rate limits would be

Re: [Acme] Exposed rate limits

2016-03-21 Thread J.C. Jones
Niklas, When there are multiple kinds of rate limits affecting the current transaction, would you imagine that these headers should only illustrate the most restrictive? For example, Let's Encrypt has both "per-FQDN" and "per-Registered Domain" limits active now, each with a different state. I'd

Re: [Acme] Alignment with Changes to the CABForum Domain Validation Requirements

2016-02-25 Thread J.C. Jones
Hugo, There's a concept on the new DV ballot called a Request Token which could accomplish this: a structure somehow incorporating the subject public key that is eventually used in the certificate. The Request Token currently is only defined using the subject public key, but could be expanded to

Re: [Acme] Alignment with Changes to the CABForum Domain Validation Requirements

2016-02-25 Thread J.C. Jones
icate
5. Client completes the TLS-SNI challenge per spec via the Authorization endpoint
6. Client creates a CSR for example.com using KP_final
7. Client downloads and installs the CA-signed certificate, using KP_final as the key
J.C. Jones
On Thu, Feb 25, 2016 at 12:46 PM, Ilari Liusvaar

[Acme] Let's Encrypt's Staging Network for Client Implementations

2015-11-05 Thread J.C. Jones
, but they are very high. If you run into any of them, feel free to ping me off-list. - J.C. Jones