Automatic software threat updating
Suggested changes should be submitted as pull requests at https://github.com/ietf-wg-acme/acme. Editorial changes can be managed in Git Hub, but any substantive change should be discussed on the ACME mailing list ([email protected]).
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Informal usability tests by the authors indicate that webmasters often need 1-3 hours to obtain and install a certificate for a domain.
Even in the best case, the lack of published, standardized mechanisms presents an obstacle to the wide deployment of HTTPS and other PKIX-dependent systems because it inhibits mechanization of tasks related to certificate issuance, deployment, and revocation.
Certificates in PKI using X.509 (PKIX) are used for a number of purposes, the most significant of which is the authentication of domain names.
Thus, certificate authorities in the Web PKI are trusted to verify that an applicant for a certificate legitimately represents the domain name(s) in the certificate.
Different types of certificates reflect different kinds of CA verification of information about the certificate subject.The protocol also provides facilities for other certificate management functions, such as certificate revocation.RFC EDITOR: PLEASE REMOVE THE FOLLOWING PARAGRAPH: The source for this draft is maintained in Git Hub.This document describes an extensible framework for automating the issuance and domain validation procedure, thereby allowing servers and infrastructural software to obtain certificates without user interaction.Use of this protocol should radically simplify the deployment of HTTPS and the practicality of PKIX authentication for other protocols based on Transport Layer Security (TLS) [RFC5246].