[doing reply-all, and replying to IETF-secretariat just makes spam] I think that ACME Server will want to tell clients about popular profiles. They should be available to the client.
The ACME Server can well have any number of other profiles that it might accept under various privately determined circumstances. For instance, it might have legacy versions of profiles that it no longer wants in circulation, but which have not yet expired. They are grandfathered. Yes, a client with the 2025 RedGreen profile ought to switch to the 2026 BlueYellow profile (with some augmentation to key size or whatever) at some point. A new client who asks for a 100 day certificate on November 1 would not be given the 2025 RedGreen profile, but the 2026 BlueYellow one. Tough. An existing client, discovering their private key is compromised on November 10, might still be able to get the 2025 RedGreen profile when it asks for an early renewals due to compromise. -- Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting ) Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
_______________________________________________ Acme mailing list -- [email protected] To unsubscribe send an email to [email protected]
