Thank Thomas
Even being late, it is useful to know that the authors have considered this
aspect.
Regards and thank you for the work done for this document
-éric
On 08/10/2019, 12:19, "Thomas Fossati" <thomas.foss...@arm.com> wrote:
Hi Éric,
Apologies for the late reply.
On 03/10/2019, 15:21, "Éric Vyncke via Datatracker" <nore...@ietf.org>
wrote:
> Thank you for the work put into this document. While I am balloting
> "no objection", I support Alexey's DISCUSS.
>
> I am also wondering what is the impact of the increased rate of
> request to the ACME server. While sections 4 and 5 answered most of
> the questions popping up in my mind when reading the document; I am
> still concerned that going from a 90 days to a 3 days validity is
> probably multiplying the load by 30 on ACME server, are the free
> existing ACME server ready to continue their free services?
This is a very good point. Unfortunately I have no figures WRT the cost
split between issuance and the authorization/validation phases, so I
don't know whether 30x is actually the right multiplier.
Regardless, I think the main shift here is about trading the cost of
automatic renewal (timer, signature, state update, and the glue logics
that goes with it) vs maintaining the revocation infrastructure (CRL and
OCSP) for EE certs. (Note that revo is not just a cost on the CA but on
clients and servers as well.)
Hopefully, we have given enough knobs to an ACME CA to reasonably
dimension the offered service, should they decide to provide STAR to
their users.
Cheers, thank you!
IMPORTANT NOTICE: The contents of this email and any attachments are
confidential and may also be privileged. If you are not the intended recipient,
please notify the sender immediately and do not disclose the contents to any
other person, use it for any purpose, or store or copy the information in any
medium. Thank you.
_______________________________________________
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme
