Support for Short-Term, Automatically Renewed (STAR) Certificates in the Automated Certificate Management Environment (ACME), March 2020
- File formats:
- PROPOSED STANDARD
- Y. Sheffer
O. Gonzalez de Dios
A. Pastor Perales
- acme (sec)
Discuss this RFC: Send questions or comments to firstname.lastname@example.org
Public key certificates need to be revoked when they are compromised, that is, when the associated private key is exposed to an unauthorized entity. However, the revocation process is often unreliable. An alternative to revocation is issuing a sequence of certificates, each with a short validity period, and terminating the sequence upon compromise. This memo proposes an Automated Certificate Management Environment (ACME) extension to enable the issuance of Short-Term, Automatically Renewed (STAR) X.509 certificates.
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 8729.