This might be a little orthogonal, but what about the signal being some
manner of "last updated" or "last modified" time for the ARI response
itself? Generally that could be the issuance time of the certificate.
That doesn't even have to be a field in the response document, we could
utilize the HT
nation URL is given? The
> current ARI proposal looks identical to the ACME client no matter if it is a
> regular scheduled renewal, or an exceptional renewal, which makes it harder
> to introduce bugs in the ACME clients for the exceptional case.
>
> Den tor. 10. feb. 2022 kl. 05.3
While ARI is clearly intended for automated usage, its ease of
construction permits interested third parties with knowledge of a
certificate to request the ARI information as well as the
certificate's subscriber. This is a feature, not a bug, as it permits
another useful use case:
Imagine a certif
Hi Andy,
I'm not sure I follow exactly what the format of this token would be, or
what message(s) in the protocol you'd like to add it to. Perhaps you can
make some specific recommendations - even if they're tentative examples -
for the WG to look at and reason through?
Thanks!
J.C.
On Sun, Aug
On Mon, Mar 21, 2016 at 3:45 PM, Niklas Keller wrote:
> Will it be possible to standardize all names? Other CAs may use other rate
> limits. So should `RateLimit-Name` be a code or a human readable message?
My guess is that getting an exhaustive list of rate limits would be
difficult, and that im
Niklas,
When there are multiple kinds of rate limits affecting the current
transaction, would you imagine that these headers should only
illustrate the most restrictive? For example, Let's Encrypt has both
"per-FQDN" and "per-Registered Domain" limits active now, each with a
different state.
I'd
Richard,
I have reviewed both PRs on Github; I've only minor comments on the PoP
challenge removal; r+ (assuming consensus).
One observation that I do have regarding the 'account-mgmt' link is that
the placement of this URI in the directory means that it is only useful for
recovery scenarios as i
Hugo,
There's a concept on the new DV ballot called a Request Token which could
accomplish this: a structure somehow incorporating the subject public key
that is eventually used in the certificate.
The Request Token currently is only defined using the subject public key, but
could be expanded to
pletes the TLS-SNI challenge per spec via the
Authorization endpoint
6. Client creates a CSR for example.com using KP_final
7. Client downloads and installs the CA-signed certificate, using
KP_final as the key
J.C. Jones
On Thu, Feb 25, 2016 at 12:46 PM, Ilari Liusvaara
wrote:
> On Thu, Fe
mail/validation/2016-February/000209.html
3) https://cabforum.org/pipermail/validation/2016-February/000210.html
--
J.C. Jones
___
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme
twork, but they are very high. If you
run into any of them, feel free to ping me off-list.
- J.C. Jones
___
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme
11 matches
Mail list logo