Re: [Acme] Revoking certificates issued by an unknown ACME server

2016-01-15 Thread Salz, Rich
> This isn't sanely automatable.
>
> It's unlikely that this will pose an issue if a human wants to figure out the
> issuing server. But as things stand to automate things you'd need to maintain
> a database of CAs to directory URLs.

I don't see a problem with that. You've got a cert, you can

[Acme] Revoking certificates issued by an unknown ACME server

2016-01-14 Thread Hugo Landau
So while implementing revocation in my ACME client, I came to the following problem: how do you know which ACME server issued a certificate? Given an ACME server URL, one can obtain a certificate, but there is no reliable way to do the reverse. If you think about it, it might be desirable to be

Re: [Acme] Revoking certificates issued by an unknown ACME server

2016-01-14 Thread Martin Thomson
On 15 January 2016 at 17:26, Hugo Landau wrote:
> This isn't sanely automatable.

Correct. But it doesn't require any work to define. Do you have evidence that suggests this scenario (a certificate issued by an ACME server needs revocation by someone other than the one who