Use of Short-Term, Automatically-Renewed (STAR) Certificates to Delegate Authority over Web Sites

Document Type Replaced Internet-Draft (individual)
Authors Yaron Sheffer  , Diego Lopez  , Oscar de Dios  , Thomas Fossati 
Last updated 2017-05-27
Replaces draft-sheffer-acme-star-lurk
Replaced by RFC 8739
Stream (None)
Intended RFC status (None)
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Replaced by draft-ietf-acme-star
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This memo proposes two mechanisms that work in concert to allow a third party (e.g., a content delivery network) to terminate TLS sessions on behalf of a domain name owner (e.g., a content provider). The proposed mechanisms are:


Yaron Sheffer (
Diego Lopez (
Oscar de Dios (
Thomas Fossati (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)