Skip to main content

Generating Certificate Requests for Short-Term, Automatically-Renewed (STAR) Certificates
draft-sheffer-acme-star-request-02

Document Type Expired Internet-Draft (individual)
Expired & archived
Authors Yaron Sheffer , Diego Lopez , Oscar Gonzalez de Dios , Antonio Pastor , Thomas Fossati
Last updated 2018-12-31 (Latest revision 2018-06-29)
RFC stream (None)
Intended RFC status (None)
Formats
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:

Abstract

This memo proposes a protocol that allows a domain name owner to delegate to a third party (such as a CDN) control over a certificate that bears one or more names in that domain. Specifically the third party creates a Certificate Signing Request for the domain, which can then be used by the domain owner to request a short term and automatically renewed (STAR) certificate. This is a component in a solution where a third-party such as a CDN can terminate TLS sessions on behalf of a domain name owner (e.g., a content provider), and the domain owner can cancel this delegation at any time without having to rely on certificate revocation mechanisms.

Authors

Yaron Sheffer
Diego Lopez
Oscar Gonzalez de Dios
Antonio Pastor
Thomas Fossati

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)