| rfc9773v3.txt | rfc9773.txt | |||
|---|---|---|---|---|
| Internet Engineering Task Force (IETF) A. Gable | Internet Engineering Task Force (IETF) A. Gable | |||
| Request for Comments: 9773 Internet Security Research Group | Request for Comments: 9773 Internet Security Research Group | |||
| Category: Standards Track May 2025 | Category: Standards Track June 2025 | |||
| ISSN: 2070-1721 | ISSN: 2070-1721 | |||
| ACME Renewal Information (ARI) Extension | ACME Renewal Information (ARI) Extension | |||
| Abstract | Abstract | |||
| This document specifies how an Automated Certificate Management | This document specifies how an Automated Certificate Management | |||
| Environment (ACME) server may provide suggestions to ACME clients as | Environment (ACME) server may provide suggestions to ACME clients as | |||
| to when they should attempt to renew their certificates. This allows | to when they should attempt to renew their certificates. This allows | |||
| servers to mitigate load spikes and ensures that clients do not make | servers to mitigate load spikes and ensures that clients do not make | |||
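Review bot: the only difference in this block is the header date moving from "May 2025" to "June 2025" (Category line); the RFC number, author, affiliation and Abstract text are otherwise identical, so this is a metadata-only change and should simply be checked against the RFC Editor's actual publication date before it is accepted.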
| skipping to change at line 438 ¶ | skipping to change at line 438 ¶ | |||
| query parameters in its cache key, instituting IP-based rate limits, | query parameters in its cache key, instituting IP-based rate limits, | |||
| or other general best-practice measures. | or other general best-practice measures. | |||
| Note that this protocol could exhibit undesired behavior in the | Note that this protocol could exhibit undesired behavior in the | |||
| presence of significant clock skew between the ACME client and | presence of significant clock skew between the ACME client and | |||
| server. For example, if a server places the suggested renewal window | server. For example, if a server places the suggested renewal window | |||
| wholly in the past to encourage a client to renew immediately, a | wholly in the past to encourage a client to renew immediately, a | |||
| client with a sufficiently slow clock might nonetheless see the | client with a sufficiently slow clock might nonetheless see the | |||
| window as being in the future. Similarly, a server that wishes to | window as being in the future. Similarly, a server that wishes to | |||
| schedule renewals very precisely may have difficulty doing so if some | schedule renewals very precisely may have difficulty doing so if some | |||
| clients have skewed clocks (or do no implement ARI at all). Server | clients have skewed clocks (or do not implement ARI at all). Server | |||
| operators should take this concern into account when setting | operators should take this concern into account when setting | |||
| suggested renewal windows. However, many other protocols (including | suggested renewal windows. However, many other protocols (including | |||
| TLS handshakes themselves) fall apart with sufficient clock skew, so | TLS handshakes themselves) fall apart with sufficient clock skew, so | |||
| this is not unique to this protocol. | this is not unique to this protocol. | |||
| 7. IANA Considerations | 7. IANA Considerations | |||
| 7.1. ACME Resource Type | 7.1. ACME Resource Type | |||
| IANA has added the following entry to the "ACME Resource Types" | IANA has added the following entry to the "ACME Resource Types" | |||
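Review bot: the change in this block is the typo fix "do no implement ARI" to "do not implement ARI" in the clock-skew paragraph of the Security Considerations, which is correct and alters no normative text. One editorial point on the same paragraph: "Server operators should take this concern into account when setting suggested renewal windows" is left without a concrete recommendation; stating the intended mitigation directly (for example, that a window meant to trigger immediate renewal should be placed far enough in the past to exceed any plausible client clock skew, and that clients should treat a window whose end is already past as "renew now") would make the guidance actionable.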
| End of changes. 2 change blocks. | ||||
| 2 lines changed or deleted | 2 lines changed or added | |||
This html diff was produced by rfcdiff 1.48.