“Support for Short-Term, Automatically-Renewed (STAR) Certificates in ACME”. https://twitter.com/Cryptoki/status/1165299507304816642 …
-
In practice the reason they see that is they have been using legacy CAs that frequently experience hours of issuance outage. Making the issuance asynchronous doesn’t meaningfully change that a CA outage means you don’t get your new cert.
-
It seems like batch signing certs and pushing them out to CDNs will always be fundamentally more reliable than an Internet-facing signing-on-demand service, which can be affected by unexpected usage spikes, DoS attacks, buggy clients causing retry storms, etc.