Hi Hannes, On 24/04/2017 16:39, "Hannes Tschofenig" <hannes.tschofe...@gmx.net> wrote: > On 04/21/2017 12:48 PM, Ilari Liusvaara wrote: > > Regarding clients, I think the draft specifies LURK as backup plan > > for clients that don't support subcerts (which causes some extra > > latency if triggered). > I didn't got that impression.
Ilari is correct I think -- the fallback to LURK is what the draft in its current version seems to imply. > Isn't this something ACME was trying to solve as well? We have proposed an extension to ACME that handles the full lifecycle of the delegation, including the automatic renewal of the trail of short term certificates. It works in a pretty straightforward way and doesn't require any modification in the endpoints' stack. Cheers, t _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
