On Mon, Jun 5, 2023 at 12:42 PM David Benjamin <david...@chromium.org> wrote:
> > It’s true that this would require code changes in more components. But > TLS, ACME, etc., are deployed many more times than they are implemented. > ... [snip] ... > > To ACME specifically, we definitely don’t want it to be painful for ACME > clients to implement! It’s probably a bit hard to discuss that in the > abstract, with our ACME section being just a placeholder. Perhaps, when > we’ve gotten an initial draft of that, we can figure out which bits we got > wrong and iterate on that? > Fwiw, I don't think expertise in PKI is really a concern here. I know more than most people about this problem, but less than everyone else in this thread. I don't even maintain this stuff myself, I just happen to use Google for "Managed Certificates" and never think about it... thanks, Rob
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls