> On Mar 5, 2018, at 5:58 PM, Matthew D. Hardeman wrote:
>
>> On Mar 5, 2018, at 3:50 PM, Felipe Gasper wrote:
>>
>> Quick point: the alleviation of polling would go for authz status as well as
>> to certificate delivery.
>>
>> A certificate order that has 10 domains needs to poll for the st

> On Mar 5, 2018, at 3:50 PM, Felipe Gasper wrote:
>
>
>> On Mar 5, 2018, at 1:13 PM, Matthew D. Hardeman
>> wrote:
>>
>> Especially with CT logging being a pragmatic requirement, time-to-delivery
>> for certificates is likely to increase (slightly) rather than decrease.
>
> Quick point:

Sure. Plenty of ways to do that.
If your primary concern is issuance, then you don't even need server
push, you can just long-poll. In HTTP/1.1, that's gross because it
ties up a connection and has some disgusting keep-alive properties.
In h2 there is no opportunity cost to worry about, the conn

Thomson: Could h2 push replace some of the polling here?
On Mon, Mar 5, 2018 at 4:50 PM, Felipe Gasper
wrote:
>
> > On Mar 5, 2018, at 1:13 PM, Matthew D. Hardeman
> wrote:
> >
> > Especially with CT logging being a pragmatic requirement,
> time-to-delivery for certificates is likely to increas

> On Mar 5, 2018, at 1:13 PM, Matthew D. Hardeman wrote:
>
> Especially with CT logging being a pragmatic requirement, time-to-delivery
> for certificates is likely to increase (slightly) rather than decrease.
Quick point: the alleviation of polling would go for authz status as well as to
cer

My working experience is primarily outside the PKI space, but I can offer some
perspectives on scalability and deployment architecture issues.
WebSocket is entirely appropriate for real-time or near-real-time bidirectional
communications of an asynchronous nature.
The overhead of WebSocket as a

> On Mar 5, 2018, at 9:35 AM, Jörn Heissler
> wrote:
>
> On Mon, Mar 05, 2018 at 09:11:02 -0500, Felipe Gasper wrote:
>> Regarding alternative formats, I think ACME over WebSocket would be a great
>> thing. Replay-nonce would go away, and clients wouldn’t need to poll for the
>> certificate u

On Mon, Mar 05, 2018 at 09:11:02 -0500, Felipe Gasper wrote:
> Regarding alternative formats, I think ACME over WebSocket would be a great
> thing. Replay-nonce would go away, and clients wouldn’t need to poll for the
> certificate unless the connection dropped. The server could send the
> certi

For what it’s worth:
Regarding alternative formats, I think ACME over WebSocket would be a great
thing. Replay-nonce would go away, and clients wouldn’t need to poll for the
certificate unless the connection dropped. The server could send the
certificate as soon as it’s ready. A simple handshak