The spec has a number of places that call for a random string: nonces, tokens, session ids, the `r' and `s' values in DVSNI and DNS challenges. They are described slightly differently in different places, and some are encoded as base64, but others are encoded as hex (e.g. when they need to be a DNS label). This is a bit confusing.

Proposal: Define `random string' once, and replace each field description that needs one with a reference to that definition. Consolidate all random string encodings on hex.

Proposed language:

Random String: A hex-encoded 128-bit random value, output from a CSPRNG.

...

token (required, string): A Random String

_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
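
The proposed definition, sketched as an added example that is not part of the original message or of the ACME spec: it generates a Random String, validates a received one strictly, and shows why hex fits a DNS label where the base64 forms of the same bytes do not. The function names, the lowercase-only canonical form and the hostname-style label rule are assumptions of this example.

```python
import base64
import re
import secrets

RANDOM_STRING_BITS = 128               # size from the proposed definition
HEX_LEN = RANDOM_STRING_BITS // 4      # 32 hex characters

# Assumption: lowercase-only canonical form; the proposal does not specify case.
_RANDOM_STRING_RE = re.compile(r"[0-9a-f]{%d}" % HEX_LEN)
# Hostname-style DNS label: letters, digits, hyphen; 1..63 chars; no edge hyphen.
_LABEL_RE = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def new_random_string() -> str:
    """Return a hex-encoded 128-bit value drawn from the OS CSPRNG."""
    return secrets.token_hex(RANDOM_STRING_BITS // 8)


def is_random_string(value) -> bool:
    """Strictly validate a received field: exact length, hex alphabet only."""
    return isinstance(value, str) and _RANDOM_STRING_RE.fullmatch(value) is not None


def is_dns_label(value: str) -> bool:
    """True if value can be used unchanged as a single DNS label."""
    return _LABEL_RE.fullmatch(value) is not None


def encodings(raw: bytes) -> dict:
    """Encode the same raw bytes three ways to compare DNS-label fitness."""
    return {
        "hex": raw.hex(),
        "base64": base64.b64encode(raw).decode(),
        "base64url": base64.urlsafe_b64encode(raw).rstrip(b"=").decode(),
    }


# Constructed sample: 16 fixed bytes chosen so base64 emits '+', '/' and '='.
SAMPLE = bytes.fromhex("fbff" * 8)

if __name__ == "__main__":
    print("fresh Random String:", new_random_string())
    for name, text in encodings(SAMPLE).items():
        print(f"{name:10} {text:34} dns_label={is_dns_label(text)}")
```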
