As suggested by @agwa (Andrew Ayer) on the mailing list and in the WG interim meeting, it would be useful for the renewalInfo URLs to be obtainable by means other than just being embedded in Order objects.
Options include:
- put the renewalInfo URL in the cert itself
- put a base URL in the directory, then combine that with a path slug derived from the cert itself
The former doesn't really work because there's not an available extension to use. We could define a new one, but I expect pushback against adding ~50 bytes to every cert that isn't useful to the vast majority of clients.
The latter has a few sub-options as well:
- compute the slug as the fingerprint (SHA-1 hash) of the whole cert
- compute the slug similar to OCSP: issuer name hash, issuer pubkey hash, cert serial
We should figure out the best way to represent this, then modify the draft accordingly.
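
The two slug sub-options side by side, as an added example that is not part of the original issue or the draft. Assumptions: SHA-1 for the OCSP-style hashes, hex encoding, and `/` as the separator are choices made here; the helper names and the sample certificates are constructed for illustration.

```python
import hashlib

def tlv(tag, body):
    """Minimal DER encoder, used only to build the constructed samples."""
    n = len(body)
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x81, n])) + body

def children(buf, start, end):
    """Split DER content into (tag, tlv_start, value_start, value_end)."""
    out, pos = [], start
    while pos < end:
        tag, n, v = buf[pos], buf[pos + 1], pos + 2
        if n & 0x80:  # long-form length: low 7 bits give the length-of-length
            n, v = int.from_bytes(buf[v:v + (n & 0x7F)], "big"), v + (n & 0x7F)
        if v + n > end:
            raise ValueError("truncated DER")
        out.append((tag, pos, v, v + n))
        pos = v + n
    return out

def tbs_fields(cert):
    """tbsCertificate fields after the optional [0] version: serial, sigAlg, issuer, ..."""
    outer = children(cert, 0, len(cert))[0]
    tbs = children(cert, outer[2], outer[3])[0]
    f = children(cert, tbs[2], tbs[3])
    return f[1:] if f[0][0] == 0xA0 else f

def fingerprint_slug(cert):  # sub-option 1: SHA-1 over the whole DER cert
    return hashlib.sha1(cert).hexdigest()

def ocsp_style_slug(cert, issuer_cert):  # sub-option 2; encoding is assumed
    serial, _, issuer = tbs_fields(cert)[:3]
    spki = tbs_fields(issuer_cert)[5]  # issuer's SubjectPublicKeyInfo
    bits = children(issuer_cert, spki[2], spki[3])[1]  # its BIT STRING
    parts = (hashlib.sha1(cert[issuer[1]:issuer[3]]).hexdigest(),  # issuer Name TLV
             hashlib.sha1(issuer_cert[bits[2] + 1:bits[3]]).hexdigest(),  # key bits only
             cert[serial[2]:serial[3]].hex())
    return "/".join(parts)

# Constructed, unsigned certificate skeletons (not real certificates).
ALG = bytes.fromhex("300a06082a8648ce3d040302")
def name(cn):
    return tlv(0x30, tlv(0x31, tlv(0x30, bytes.fromhex("0603550403") + tlv(0x0C, cn))))
def sample_cert(serial, issuer_cn, subject_cn, key):
    validity = tlv(0x30, tlv(0x17, b"250101000000Z") * 2)
    tbs = tlv(0x30, bytes.fromhex("a003020102") + tlv(0x02, serial) + ALG + name(issuer_cn)
              + validity + name(subject_cn) + tlv(0x30, ALG + tlv(0x03, b"\x00" + key)))
    return tlv(0x30, tbs + ALG + tlv(0x03, b"\x00\xaa\xbb"))
CA = sample_cert(b"\x01", b"Test CA", b"Test CA", b"CA-KEY-1")
LEAF = sample_cert(b"\x01\x02\x03", b"Test CA", b"leaf.example", b"LEAFKEY1")
```

The fingerprint slug needs only the certificate, while the OCSP-style slug also needs the issuer certificate to hash its public key.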