> what's the reason why "authorizations" and "certificates" are optional in registration objects? They should both not be optional IMO, because they can be used nicely to lower the load on the CA, because clients can reuse prior authorizations and even download lost certificates easily. This makes also revocation easier, because you can simply list all valid certificates for a given account key.
This is a good question. I would support making it mandatory in the protocol. We haven't yet implemented it in Let's Encrypt, but it's on the roadmap and it's an important feature. Speaking of which, I've been meaning to suggest a fix to this feature. Right now it specifies a list to be embedded in the new-reg object. It's likely that some registrations will have very large lists of authorizations and/or certificates, making them prohibitive to embed directly in the registration. Instead, I propose that there be a URL for authorizations and a URL for certificates for each registration. These URLs would return a JSON list of URLs for the relevant objects, and possibly a Link header with rel=next for pagination if the number of results is above a (server-configured) threshold. Pagination is a very common approach to large data sets in web services.
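As an added illustration of the pagination scheme proposed above (example code, not from the ACME draft or Let's Encrypt), here is a client-side walk over a hypothetical per-registration authorizations URL that returns a JSON list of object URLs and a Link rel="next" header until the last page. The registration URLs and the in-memory responses are constructed for the example; the page cap and loop check keep a misbehaving server from making the client fetch forever.

```python
import json
import re
from typing import Callable, Dict, List, Tuple

# Hypothetical per-registration collection URL and canned responses (constructed
# for this example, not real endpoints). Each page is a JSON list of authorization
# URLs; every page but the last carries a Link header with rel="next".
BASE = "https://acme.example/reg/42/authz"
RESPONSES: Dict[str, Tuple[str, Dict[str, str]]] = {
    BASE: (json.dumps([f"https://acme.example/authz/{i}" for i in range(1, 4)]),
           {"Link": f'<{BASE}?page=2>; rel="next", <https://acme.example/directory>; rel="index"'}),
    BASE + "?page=2": (json.dumps([f"https://acme.example/authz/{i}" for i in range(4, 7)]),
                       {"Link": f'<{BASE}?page=3>; rel="next"'}),
    BASE + "?page=3": (json.dumps(["https://acme.example/authz/7"]), {}),
}

def fake_get(url: str) -> Tuple[str, Dict[str, str]]:
    """Stand-in for an HTTPS GET; returns (body, headers) from the canned table."""
    return RESPONSES[url]

def parse_link_header(value: str) -> Dict[str, str]:
    """Map each rel value to its target URL from a Link header (RFC 8288 style);
    assumes target URLs contain no commas."""
    links: Dict[str, str] = {}
    for part in value.split(","):
        m = re.match(r'\s*<([^>]*)>(.*)', part)
        if not m:
            continue
        url, params = m.groups()
        for param in params.split(";"):
            key, _, val = param.strip().partition("=")
            if key.lower() == "rel":
                links[val.strip().strip('"')] = url
    return links

def collect_paginated(get: Callable[[str], Tuple[str, Dict[str, str]]],
                      start: str, max_pages: int = 100) -> List[str]:
    """Follow rel="next" from `start`, concatenating every page's JSON list.
    Rejects non-list bodies, revisited URLs (a loop) and more than max_pages pages."""
    urls: List[str] = []
    seen = set()
    url = start
    for _ in range(max_pages):
        if url in seen:
            raise ValueError(f"pagination loop at {url}")
        seen.add(url)
        body, headers = get(url)
        page = json.loads(body)
        if not isinstance(page, list) or not all(isinstance(u, str) for u in page):
            raise ValueError(f"expected a JSON list of URLs at {url}")
        urls.extend(page)
        url = parse_link_header(headers.get("Link", "")).get("next")
        if url is None:
            return urls
    raise ValueError(f"more than {max_pages} pages starting at {start}")
```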
