RFC 8739

Support for Short-Term, Automatically Renewed (STAR) Certificates in the Automated Certificate Management Environment (ACME), March 2020

File formats:

icon for HTML icon for text file icon for v3pdf icon for XML
Status:
PROPOSED STANDARD
Authors:
Y. Sheffer
D. Lopez
O. Gonzalez de Dios
A. Pastor Perales
T. Fossati
Stream:
IETF
Source:
acme (sec)

Cite this RFC: TXT  |  XML

DOI:  10.17487/RFC8739

Discuss this RFC: Send questions or comments to acme@ietf.org

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF


Abstract

Public key certificates need to be revoked when they are compromised, that is, when the associated private key is exposed to an unauthorized entity. However, the revocation process is often unreliable. An alternative to revocation is issuing a sequence of certificates, each with a short validity period, and terminating the sequence upon compromise. This memo proposes an Automated Certificate Management Environment (ACME) extension to enable the issuance of Short-Term, Automatically Renewed (STAR) X.509 certificates.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 4844.


Download PDF Reader