RFC 8739

Support for Short-Term, Automatically Renewed (STAR) Certificates in the Automated Certificate Management Environment (ACME), March 2020

Status: PROPOSED STANDARD
Authors: Y. Sheffer, D. Lopez, O. Gonzalez de Dios, A. Pastor Perales, T. Fossati
Stream: IETF
Source: acme (sec)

DOI:  https://doi.org/10.17487/RFC8739

Discuss this RFC: Send questions or comments to the mailing list acme@ietf.org


Abstract

Public key certificates need to be revoked when they are compromised, that is, when the associated private key is exposed to an unauthorized entity. However, the revocation process is often unreliable. An alternative to revocation is issuing a sequence of certificates, each with a short validity period, and terminating the sequence upon compromise. This memo proposes an Automated Certificate Management Environment (ACME) extension to enable the issuance of Short-Term, Automatically Renewed (STAR) X.509 certificates.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 8729.



