RFC 8739
Support for Short-Term, Automatically Renewed (STAR) Certificates in the Automated Certificate Management Environment (ACME), March 2020
- File formats:
- Also available: XML file for editing
- Status:
- PROPOSED STANDARD
- Authors:
- Y. Sheffer
D. Lopez
O. Gonzalez de Dios
A. Pastor Perales
T. Fossati - Stream:
- IETF
- Source:
- acme (sec)
Cite this RFC: TXT | XML | BibTeX
DOI: https://doi.org/10.17487/RFC8739
Discuss this RFC: Send questions or comments to the mailing list acme@ietf.org
Other actions: Submit Errata | Find IPR Disclosures from the IETF | View History of RFC 8739
Abstract
Public key certificates need to be revoked when they are compromised, that is, when the associated private key is exposed to an unauthorized entity. However, the revocation process is often unreliable. An alternative to revocation is issuing a sequence of certificates, each with a short validity period, and terminating the sequence upon compromise. This memo proposes an Automated Certificate Management Environment (ACME) extension to enable the issuance of Short-Term, Automatically Renewed (STAR) X.509 certificates.
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 8729.