aarongable / draft-acme-ari

Internet Draft for the Automated Certificate Management Environment (ACME) Renewal Information (ARI) Extension

How often to retry in the face of errors #8

Closed jsha closed 2 years ago

jsha commented 2 years ago

We should specify a little more about how hard clients should retry when they are inside the suggested window, and when the suggested window is in the past. Right now we say "If the selected time is in the past, the client SHOULD attempt renewal immediately." But I can see that leading to implementations that retry really aggressively regardless of failures. What we want is more like: "If the selected time is in the past, the client SHOULD consider the certificate eligible for immediate renewal, subject to the client's existing error backoffs and retry intervals."
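The difference between the two wordings, as an added example that is not part of the comment above or of the draft: a client scheduling check that treats a past selected time as "eligible" but still gates attempts on its own error backoff. The backoff policy (5-minute base, doubling, 24-hour cap), the function names and the simulated always-failing CA are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Assumed client backoff policy (not specified by the draft or the comment).
BASE_BACKOFF = timedelta(minutes=5)
MAX_BACKOFF = timedelta(hours=24)

def backoff_delay(consecutive_failures):
    """Wait required after N consecutive failed renewal attempts."""
    if consecutive_failures <= 0:
        return timedelta(0)
    # Cap the exponent so the multiplication cannot grow without bound.
    delay = BASE_BACKOFF * (2 ** min(consecutive_failures - 1, 16))
    return min(delay, MAX_BACKOFF)

def next_attempt_time(selected_time, last_failure, consecutive_failures):
    """Earliest moment a renewal attempt is allowed.

    selected_time is the time the client chose inside the suggested window.
    A selected time in the past makes the certificate eligible right away,
    but never earlier than the backoff from the last failure permits.
    """
    if last_failure is None or consecutive_failures == 0:
        return selected_time
    return max(selected_time, last_failure + backoff_delay(consecutive_failures))

def should_attempt_now(now, selected_time, last_failure, consecutive_failures):
    return now >= next_attempt_time(selected_time, last_failure, consecutive_failures)

def simulate_failing_renewals(selected_time, start, duration, tick, honor_backoff):
    """Count attempts while every renewal fails (constructed scenario)."""
    now, attempts, failures, last_failure = start, 0, 0, None
    while now < start + duration:
        if honor_backoff:
            due = should_attempt_now(now, selected_time, last_failure, failures)
        else:
            # Literal reading of "attempt renewal immediately".
            due = now >= selected_time
        if due:
            attempts += 1
            failures += 1
            last_failure = now
        now += tick
    return attempts

if __name__ == "__main__":
    start = datetime(2024, 1, 2, tzinfo=timezone.utc)   # constructed timestamps
    selected = start - timedelta(days=1)                # window already in the past
    for honor in (False, True):
        n = simulate_failing_renewals(selected, start, timedelta(hours=6),
                                      timedelta(minutes=1), honor)
        print(f"honor_backoff={honor}: {n} attempts in 6 hours")
```

With a one-minute wake-up interval and a CA that fails every request, the literal reading sends a request on every tick, while the backoff-gated check spaces attempts out at 0, 5, 15, 35, 75, 155 and 315 minutes.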