This might be a little orthogonal, but what about the signal being some
manner of "last updated" or "last modified" time for the ARI response
itself? Generally that could be the issuance time of the certificate.
That doesn't even have to be a field in the response document, we could
utilize the
is given? The
> current ARI proposal looks identical to the ACME client no matter if it is a
> regular scheduled renewal, or an exceptional renewal, which makes it harder
> to introduce bugs in the ACME clients for the exceptional case.
>
> Den tor. 10. feb. 2022 kl. 05.38 skrev J.C.
While ARI is clearly intended for automated usage, its ease of
construction permits interested third parties with knowledge of a
certificate to request the ARI information as well as the
certificate's subscriber. This is a feature, not a bug, as it permits
another useful use case:
Imagine a
Hi Andy,
I'm not sure I follow exactly what the format of this token would be, or
what message(s) in the protocol you'd like to add it to. Perhaps you can
make some specific recommendations - even if they're tentative examples -
for the WG to look at and reason through?
Thanks!
J.C.
On Sun, Aug
On Mon, Mar 21, 2016 at 3:45 PM, Niklas Keller wrote:
> Will it be possible to standardize all names? Other CAs may use other rate
> limits. So should `RateLimit-Name` be a code or a human readable message?
My guess is that getting an exhaustive list of rate limits would be
Niklas,
When there are multiple kinds of rate limits affecting the current
transaction, would you imagine that these headers should only
illustrate the most restrictive? For example, Let's Encrypt has both
"per-FQDN" and "per-Registered Domain" limits active now, each with a
different state.
I'd
Hugo,
There's a concept on the new DV ballot called a Request Token which could
accomplish this: a structure somehow incorporating the subject public key
that is eventually used in the certificate.
The Request Token currently is only defined using the subject public key, but
could be expanded to
icate
5. Client completes the TLS-SNI challenge per spec via the
Authorization endpoint
6. Client creates a CSR for example.com using KP_final
7. Client downloads and installs the CA-signed certificate, using
KP_final as the key
J.C. Jones
On Thu, Feb 25, 2016 at 12:46 PM, Ilari Liusvaar
, but they are very high. If you
run into any of them, feel free to ping me off-list.
- J.C. Jones
___
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme