> This isn't sanely automatable.
>
> It's unlikely that this will pose an issue if a human wants to figure out the
> issuing server. But as things stand to automate things you'd need to maintain
> a database of CAs to directory URLs.
I don't see a problem with that. You've got a cert, you can
So while implementing revocation in my ACME client, I came to the
following problem: how do you know which ACME server issued a
certificate?
Given an ACME server URL, one can obtain a certificate, but there is no
reliable way to do the reverse.
If you think about it, it might be desirable to be
On 15 January 2016 at 17:26, Hugo Landau wrote:
> This isn't sanely automatable.
Correct. But it doesn't require any work to define. Do you have
evidence that suggests this scenario (a certificate issued by an ACME
server needs revocation by someone other than the one who