My concern with this is that it creates a bit of a requirement to revoke by/on that time, which doesn't seem to be the intent of ARI I think?
Also what should the precision of this time field be? day/hour/etc?

On Wed, Mar 22, 2023 at 10:35 AM Andrew Ayer <a...@andrewayer.name> wrote:

> I'm working on adding an ARI client to a certificate monitoring service
> to notify users when one of their certificates is scheduled to be
> revoked. Unfortunately, ARI doesn't currently convey whether the
> suggestedWindow is mandatory (because the certificate is going to be
> revoked) or merely advisory.
>
> I had previously thought that an end time that was earlier than the
> certificate's expiration would indicate an upcoming revocation, but it
> appears that Let's Encrypt's ARI endpoint routinely specifies an end
> time that is ~30 days earlier than the certificate's expiration.
>
> I propose that the renewalInfo object contain a nullable field called
> revocationTime which specifies the time the certificate is going to be
> revoked, if applicable.
>
> Regards,
> Andrew
>
> _______________________________________________
> Acme mailing list
> Acme@ietf.org
> https://www.ietf.org/mailman/listinfo/acme
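
The ambiguity discussed in this thread, as an added example that is not part of either message: a monitoring client that compares the "end earlier than expiration" heuristic with the proposed field. `revocationTime` is the field proposed above and is not part of ARI; the certificate expiration and both renewalInfo documents are constructed sample data.

```python
import json
from datetime import datetime, timezone

def parse_ts(value):
    """Parse an RFC 3339 timestamp with a trailing Z into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def classify(renewal_info_json, not_after):
    """Compare the end-time heuristic with the proposed revocationTime field."""
    info = json.loads(renewal_info_json)
    window = info["suggestedWindow"]
    start, end = parse_ts(window["start"]), parse_ts(window["end"])
    if end <= start:
        raise ValueError("suggestedWindow end must be after start")
    # Proposed field (assumption, not in ARI): absent and null both mean
    # that no revocation is scheduled.
    raw = info.get("revocationTime")
    revocation_time = parse_ts(raw) if raw is not None else None
    return {
        # Heuristic from the thread: window ends before the cert expires.
        "heuristic_flags_revocation": end < not_after,
        "revocation_time": revocation_time,
        # With the proposed field, only an explicit time makes it mandatory.
        "mandatory": revocation_time is not None,
    }

# Constructed sample: certificate expiring 2023-06-20.
NOT_AFTER = datetime(2023, 6, 20, tzinfo=timezone.utc)

# Constructed sample: routine window ending ~30 days before expiration.
ROUTINE = json.dumps({
    "suggestedWindow": {"start": "2023-05-19T00:00:00Z",
                        "end": "2023-05-21T00:00:00Z"},
    "revocationTime": None,
})

# Constructed sample: window that precedes a scheduled revocation.
REVOKING = json.dumps({
    "suggestedWindow": {"start": "2023-03-23T00:00:00Z",
                        "end": "2023-03-25T00:00:00Z"},
    "revocationTime": "2023-03-27T00:00:00Z",
})

if __name__ == "__main__":
    for name, doc in (("routine", ROUTINE), ("revoking", REVOKING)):
        print(name, classify(doc, NOT_AFTER))
```

Both samples trip the end-time heuristic, so it cannot separate a routine early window from a pending revocation; only the explicit field does.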