{"draft":"draft-ietf-acme-star-delegation-09","doc_id":"RFC9115","title":"An Automatic Certificate Management Environment (ACME) Profile for Generating Delegated Certificates","authors":["Y. Sheffer","D. L\u00f3pez","A. Pastor Perales","T. Fossati"],"format":["HTML","TEXT","PDF","XML"],"page_count":"42","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"Automated Certificate Management Environment","abstract":"This document defines a profile of the Automatic Certificate\r\nManagement Environment (ACME) protocol by which the holder of an\r\nidentifier (e.g., a domain name) can allow a third party to obtain an\r\nX.509 certificate such that the certificate subject is the delegated\r\nidentifier while the certified public key corresponds to a private\r\nkey controlled by the third party. A primary use case is that of a\r\nContent Delivery Network (CDN), the third party, terminating TLS\r\nsessions on behalf of a content provider (the holder of a domain\r\nname).  The presented mechanism allows the holder of the identifier\r\nto retain control over the delegation and revoke it at any time. \r\nImportantly, this mechanism does not require any modification to the\r\ndeployed TLS clients and servers.","pub_date":"September 2021","keywords":["Content Delivery Network","CDN"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC9115","errata_url":"https:\/\/www.rfc-editor.org\/errata\/rfc9115"}