more clarity around delegation revocation for non-STAR certs #144

thomas-fossati · 2021-03-14T22:39:07Z

https://mailarchive.ietf.org/arch/msg/acme/XF0qZ5Ba2ldx4Dxyuyo6vUV8-FA/

Section 2.4 is not sufficient to explain the revocation processing.
Only the NDC has the private key needed to make the ACME revocation
request, but this does not get stated in the text.  Also, it is not
clear to me how the NDC knows where to send the revocation request
since the IdO is the ACME account owner.  In addition, the phrase
"would create a self-inflicted DoS" needs more explanation.

The text was updated successfully, but these errors were encountered:

* State that NDC holds the private key which can revoke the associated cert; * Explain how NDC could learn the revokeCert URL; * Reword "self-inflicted DoS". Fixes #144

thomas-fossati added ACME STAR Delegation secdir review Security Directorate last call review labels Mar 14, 2021

yaronf assigned thomas-fossati Mar 16, 2021

thomas-fossati added a commit that referenced this issue Mar 16, 2021

Increase clarity for non-STAR revocation

9b858ed

* State that NDC holds the private key which can revoke the associated cert; * Explain how NDC could learn the revokeCert URL; * Reword "self-inflicted DoS". Fixes #144

thomas-fossati mentioned this issue Mar 16, 2021

Increase clarity for non-STAR revocation #153

Merged

yaronf closed this as completed in #153 Mar 20, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

more clarity around delegation revocation for non-STAR certs #144

more clarity around delegation revocation for non-STAR certs #144

thomas-fossati commented Mar 14, 2021

more clarity around delegation revocation for non-STAR certs #144

more clarity around delegation revocation for non-STAR certs #144

Comments

thomas-fossati commented Mar 14, 2021