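%% You should probably cite rfc9115 instead of this I-D.
%% This entry describes revision -07 of the draft, which is marked as a work in
%% progress; check any delegation or revocation requirement against the RFC
%% text rather than against this revision.
%%
%% Layout notes: the advisory comment sits on its own lines so that parsers
%% which treat a percent sign as a comment-to-end-of-line do not swallow the
%% entry; authors are in "Last, First" form; only the acronym in the title is
%% brace-protected so the bibliography style can still apply its own casing.
@techreport{ietf-acme-star-delegation-07,
  author      = {Sheffer, Yaron and Lopez, Diego and Pastor, Antonio and Fossati, Thomas},
  title       = {An {ACME} Profile for Generating Delegated Certificates},
  type        = {Internet-Draft},
  number      = {draft-ietf-acme-star-delegation-07},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2021,
  month       = mar,
  day         = 26,
  pagetotal   = 44,
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-ietf-acme-star-delegation/07/},
  abstract    = {This memo defines a profile of the Automatic Certificate Management Environment (ACME) protocol by which the owner of an identifier (e.g., a domain name) can allow a third party to obtain an X.509 certificate such that the certificate subject is the delegated identifier while the certified public key corresponds to a private key controlled by the third party. A primary use case is that of a Content Delivery Network (CDN, the third party) terminating TLS sessions on behalf of a content provider (the owner of a domain name). The presented mechanism allows the owner of the identifier to retain control over the delegation and revoke it at any time. A key property of this mechanism is it does not require any modification to the deployed TLS ecosystem.},
}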