Support for Short-Term, Automatically-Renewed (STAR) Certificates in Automated Certificate Management Environment (ACME)
draft-ietf-acme-star-03
| Document | Type | Expired Internet-Draft (acme WG) |
|---|---|---|
| | Authors | Yaron Sheffer, Diego Lopez, Oscar Gonzalez de Dios, Antonio Pastor, Thomas Fossati |
| | Last updated | 2018-09-04 (Latest revision 2018-03-03) |
| | Replaces | draft-sheffer-acme-star |
| | Stream | Internet Engineering Task Force (IETF) |
| | Formats | Expired & archived; plain text, xml, htmlized, pdfized, bibtex |
| | Reviews | OPSDIR Last Call review (of -06): Has Nits |
| Stream | WG state | In WG Last Call |
| | Document shepherd | (None) |
| IESG | IESG state | Expired |
| | Consensus boilerplate | Unknown |
| | Telechat date | (None) |
| | Responsible AD | (None) |
| | Send notices to | (None) |
https://www.ietf.org/archive/id/draft-ietf-acme-star-03.txt
Abstract
Public-key certificates need to be revoked when they are compromised, that is, when the associated private key is exposed to an attacker. However the revocation process is often unreliable. An alternative to revocation is issuing a sequence of certificates, each with a short validity period, and terminating this sequence upon compromise. This memo proposes an ACME extension to enable the issuance of short-term and automatically renewed (STAR) certificates.

[RFC Editor: please remove before publication] While the draft is being developed, the editor's version can be found at https://github.com/yaronf/I-D/tree/master/STAR.
Authors
Yaron Sheffer
Diego Lopez
Oscar Gonzalez de Dios
Antonio Pastor
Thomas Fossati
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)