-Original Message-
From: Acme On Behalf Of Andrew Ayer
Sent: Wednesday, March 22, 2023 4:30 PM
To: Corey Bonnell
Cc: acme@ietf.org
Subject: Re: [Acme] ARI: Indication if certificate will be revoked
Hi Corey,
On Wed, 22 Mar 2023 17:55:59 +
Corey Bonnell wrote:
> Hi Andrew,
> Is th
This might be a little orthogonal, but what about the signal being some
manner of "last updated" or "last modified" time for the ARI response
itself? Generally that could be the issuance time of the certificate.
That doesn't even have to be a field in the response document, we could
utilize the
On Wed, 22 Mar 2023 14:16:40 -0700
Aaron Gable wrote:
> I'm not totally sold on the utility of including extra information in
> the ARI response, if that extra information will not modify client
> behavior. If the purpose is to modify human behavior, then I believe
> the current explanationURL
I'm not totally sold on the utility of including extra information in the
ARI response, if that extra information will not modify client behavior. If
the purpose is to modify human behavior, then I believe the current
explanationURL is sufficient. Adding a machine-readable problem document
that
On Thu, 23 Mar 2023 01:55:06 +0900
Seo Suchan wrote:
> I think it's pretty safe to say IFF ARI time changes from what it's
> set just after certificate creation, you could guess there will be
> revocation for that leaf certificate.
I don't think that's a safe assumption - the CA could be
Hi Corey,
On Wed, 22 Mar 2023 17:55:59 +
Corey Bonnell wrote:
> Hi Andrew,
> Is the purpose of the "revocationTime" field such that ACME client
> behavior would be different than the recommended replacement
> time-selection algorithm in section 4.1, or is it to provide richer
> metadata
On Wed, 22 Mar 2023 12:46:46 -0400
Amir Omidi wrote:
> My concern with this is that it creates a bit of a requirement to
> revoke by/on that time, which doesn't seem to be the intent of ARI I
> think?
>
> Also what should the precision of this time field be? day/hour/etc?
The same as the
e@ietf.org
Subject: [Acme] ARI: Indication if certificate will be revoked
I'm working on adding an ARI client to a certificate monitoring service to
notify users when one of their certificates is scheduled to be revoked.
Unfortunately, ARI doesn't currently convey whether the suggestedWindow is
mand
IIRC it was dual purpose: state some randomish time to reduce load spike
at 12:00AM or mass renewal after mass revocation event, and order renew
when revocation is imminent.
I think it's pretty safe to say IFF ARI time changes from what it's set
just after certificate creation, you could
My concern with this is that it creates a bit of a requirement to revoke
by/on that time, which doesn't seem to be the intent of ARI I think?
Also what should the precision of this time field be? day/hour/etc?
On Wed, Mar 22, 2023 at 10:35 AM Andrew Ayer wrote:
> I'm working on adding an ARI
I'm working on adding an ARI client to a certificate monitoring service
to notify users when one of their certificates is scheduled to be
revoked. Unfortunately, ARI doesn't currently convey whether the
suggestedWindow is mandatory (because the certificate is going to be
revoked) or merely
11 matches
Mail list logo