Re: [Acme] Authorizations and Certificates in Registrations
Hugo Landau <hlandau@devever.net> Sun, 06 December 2015 00:36 UTC
Date: Sun, 06 Dec 2015 00:36:01 +0000
From: Hugo Landau <hlandau@devever.net>
To: Niklas Keller <me@kelunik.com>
Message-ID: <20151206003601.GA32274@andover>
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/6MrrRoGgysfb_fApIaJufoBV1fE>
Cc: acme@ietf.org

On Sat, Dec 05, 2015 at 07:10:43PM +0100, Niklas Keller wrote:
> Hello,
>
> what's the reason why "authorizations" and "certificates" are optional in
> registration objects? They should both not be optional IMO, because they
> can be used nicely to lower the load on the CA, because clients can reuse
> prior authorizations and even download lost certificates easily. This
> makes also revocation easier, because you can simply list all valid
> certificates for a given account key.
>
> Regards, Niklas

Indeed. My own client keeps a note of obtained authorizations and their
expiration dates and certificate URLs.

What might be nice is a function to find valid authorizations and
certificates by hostname, so that clients can quickly look for objects
satisfying their requirements. Servers are likely to index this sort of
thing for rate limiting purposes anyway.