robstradling closed 6 months ago
Great suggestion, and I want to add/clarify:
> ISTM that the "...should...higher priority...bypass rate limits" language is geared towards high volume issuers
It's also about cramming significantly more issuances into a narrow window that may push a CA beyond its issuance capacity, leaving some clients unable to renew in time.
> Could we rephrase this text to something like "What to do with this information is left entirely to server policy, but here are some suggestions:", followed by some bullet points?
Makes sense to me.
> It's also about cramming significantly more issuances into a narrow window that may push a CA beyond its issuance capacity, leaving some clients unable to renew in time.
Only if the server makes the ARI window narrower than it can handle. As always, it is up to the server to ensure that it can handle its traffic volume and fail gracefully -- which many servers use rate limits to accomplish today -- and the existence of ARI does nothing to change that.
Current text:
I realise this is a not-upper-case "should" and it's prefixed by "It is suggested", but TBH I'd characterise this language as being slightly more prescriptive than something like "What to do with this information is left entirely to server policy, but here are some suggestions:". Is that the intent?
Also, ISTM that the "...should...higher priority...bypass rate limits" language is geared towards high volume issuers, which not all server operators are. Indeed, a server might not have any mechanisms for assigning higher priority or for bypassing rate limits, but might want to "use this information" in other ways. For example, some CAs tend to extend the lifetime of a renewed certificate by the amount of time left on the predecessor certificate, which makes sense in cases where there is monetary value associated with the renewal.
Could we rephrase this text to something like "What to do with this information is left entirely to server policy, but here are some suggestions:", followed by some bullet points?