On 21/04/2017 11:48, "TLS on behalf of Ilari Liusvaara" <tls-boun...@ietf.org on behalf of ilariliusva...@welho.com> wrote: On Fri, Apr 21, 2017 at 10:37:21AM +0200, Hannes Tschofenig wrote: > > What is also not clear to my why some of the certificate management > > protocols, which provide the necessary level of automation, cannot be > > used with CAs to request short-lived certificates. > > AFAIK, that would cause issues with CT and OCSP signing.
Speaking as one of the co-authors of [1]: it is not completely clear to me what is the limitation in CT that would prevent it to cope with the pervasive use of short-term certificates. Can anyone shed a light on this? Cheers, thanks, t [1] https://tools.ietf.org/id/draft-sheffer-acme-star-00.txt _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
