Hi Jason,

I replied on the GitHub issue as well, along the same lines as Rich: the
protocol should not attempt to specify policy.

To add a little more detail: I'm definitely a big advocate of "real"
account deletion, where all records are actually purged after a certain
amount of time. At past jobs, I've worked hard to make sure that
happens. However, the balance of privacy versus public value is very
different in the case of certificate issuance. The data in a certificate
is not private - it's intended to be trusted by the public. That's why
Let's Encrypt logs all certificates to CT.

Other data, such as authorizations, are part of records proving that a
certificate authority did its due diligence before issuing a
certificate. Not only would it be inappropriate to purge these at user
request, it would not, in general, be practical - many certificate
authorities back up issuance records to long-term offline storage.

Thanks,
Jacob

_______________________________________________
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme
