The pull request for this change is here: https://github.com/ietf-wg-acme/acme/pull/41

In the course of reviewing, I noticed that the description of recovery currently says:

   The client requests recovery by asking that the server send a message to one of the contact URIs registered for the account. That message indicates some action that the server requires the client's user to perform, e.g., clicking a link in an email. If the user successfully completes the server's required actions, then the server will bind the account to the new account key.

What's the actual range of things that we believe the user may be asked to complete? Could the server re-use the proof-of-possession methods for baseline assignment?

Reading this, it also struck me that the "clicking a link in an email" could be taken as the link to the page to which the POST request should be sent. I don't think that's what's intended here though (it's meant to be two-step, right?)

regards,

Ted
