Hi Éric,

Apologies for the late reply.

On 03/10/2019, 15:21, "Éric Vyncke via Datatracker" <[email protected]> wrote:
> Thank you for the work put into this document. While I am balloting
> "no objection", I support Alexey's DISCUSS.
>
> I am also wondering what is the impact of the increased rate of
> requests to the ACME server. While sections 4 and 5 answered most of
> the questions popping up in my mind when reading the document, I am
> still concerned that going from a 90-day to a 3-day validity is
> probably multiplying the load by 30 on ACME servers; are the free
> existing ACME servers ready to continue their free services?

This is a very good point.  Unfortunately I have no figures WRT the cost
split between issuance and the authorization/validation phases, so I
don't know whether 30x is actually the right multiplier.

Regardless, I think the main shift here is about trading the cost of
automatic renewal (timer, signature, state update, and the glue logic
that goes with it) vs maintaining the revocation infrastructure (CRL and
OCSP) for EE certs.  (Note that revo is not just a cost on the CA but on
clients and servers as well.)

Hopefully, we have given enough knobs to an ACME CA to reasonably
dimension the offered service, should they decide to provide STAR to
their users.

Cheers, thank you!

