Generating Certificate Requests for Short-Term, Automatically-Renewed (STAR) Certificates
draft-sheffer-acme-star-request-01
| Document | Type |
This is an older version of an Internet-Draft whose latest revision state is "Expired".
Expired & archived
|
|
|---|---|---|---|
| Authors | Yaron Sheffer , Diego Lopez , Oscar Gonzalez de Dios , Antonio Pastor , Thomas Fossati | ||
| Last updated | 2017-12-18 (Latest revision 2017-06-16) | ||
| RFC stream | (None) | ||
| Formats | |||
| Additional resources | |||
| Stream | Stream state | (No stream defined) | |
| Consensus boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | Expired | |
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
This memo proposes a protocol that allows a domain name owner to delegate to a third party (such as a CDN) control over a certificate that bears one or more names in that domain. Specifically the third party creates a Certificate Signing Request for the domain, which can then be used by the domain owner to request a short term and automatically renewed (STAR) certificate. This is a component in a solution where a third-party such as a CDN can terminate TLS sessions on behalf of a domain name owner (e.g., a content provider), and the domain owner can cancel this delegation at any time without having to rely on certificate revocation mechanisms.
Authors
Yaron Sheffer
Diego Lopez
Oscar Gonzalez de Dios
Antonio Pastor
Thomas Fossati
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)