Support for Short-Term, Automatically Renewed Certificates in the Automated Certificate Management Environment
RFC 8739, “Support for Short-Term, Automatically Renewed Certificates in the Automated Certificate Management Environment”, is a Proposed Standard document published in March 2020 by Y. Sheffer, D. Lopez, O. Gonzalez de Dios, A. Pastor Perales, T. Fossati. The canonical text is published by the RFC Editor.
Abstract
Public key certificates need to be revoked when they are compromised, that is, when the associated private key is exposed to an unauthorized entity. However, the revocation process is often unreliable. An alternative to revocation is issuing a sequence of certificates, each with a short validity period, and terminating the sequence upon compromise. This memo proposes an Automated Certificate Management Environment (ACME) extension to enable the issuance of Short-Term, Automatically Renewed (STAR) X.509 certificates.
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 8739 is hosted at rfc-editor.org. Available in HTML, TXT, PDF, XML.
- RFC 8738 Automated Certificate Management Environment IP Identifier Validation Extension
- RFC 8740 Using TLS 1.3 with HTTP/2
- RFC 8737 Automated Certificate Management Environment TLS Application-Layer Protocol Negotiation Challenge Extension
- RFC 8741 Ability for a Stateful Path Computation Element to Request and Obtain Control of a Label Switched Path
- RFC 8736 PIM Message Type Space Extension and Reserved Bits
- RFC 8742 Concise Binary Object Representation Sequences
- RFC 8735 Scenarios and Simulation Results of PCE in a Native IP Network
- RFC 8743 Multi-Access Management Services