Skip to main content

Generating Certificate Requests for Short-Term, Automatically-Renewed (STAR) Certificates
draft-sheffer-acme-star-request-01

The information below is for an old version of the document.
Document Type Expired Internet-Draft (individual)
Authors Yaron Sheffer , Diego Lopez , Oscar Gonzalez de Dios , Antonio Pastor , Thomas Fossati
Last updated 2017-12-18 (Latest revision 2017-06-16)
Stream (None)
Formats
Expired & archived
plain text xml htmlized pdfized bibtex
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)
This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at:
https://www.ietf.org/archive/id/draft-sheffer-acme-star-request-01.txt

Abstract

This memo proposes a protocol that allows a domain name owner to delegate to a third party (such as a CDN) control over a certificate that bears one or more names in that domain. Specifically the third party creates a Certificate Signing Request for the domain, which can then be used by the domain owner to request a short term and automatically renewed (STAR) certificate. This is a component in a solution where a third-party such as a CDN can terminate TLS sessions on behalf of a domain name owner (e.g., a content provider), and the domain owner can cancel this delegation at any time without having to rely on certificate revocation mechanisms.

Authors

Yaron Sheffer
Diego Lopez
Oscar Gonzalez de Dios
Antonio Pastor
Thomas Fossati

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)