2015-12-05 20:38 GMT+01:00 Jacob Hoffman-Andrews <[email protected]>:

>
> what's the reason why "authorizations" and "certificates" are optional
> in registration objects? They should both not be optional IMO, because
> they can be used nicely to lower the load on the CA, because clients can
> reuse prior authorizations and even download lost certificates easily.
> This also makes revocation easier, because you can simply list all valid
> certificates for a given account key.
>
> This is a good question. I would support making it mandatory in the
> protocol. We haven't yet implemented it in Let's Encrypt, but it's on
> the roadmap and it's an important feature.
>
> Speaking of which, I've been meaning to suggest a fix to this feature.
> Right now it specifies a list to be embedded in the new-reg object. It's
> likely that some registrations will have very large lists of
> authorizations and/or certificates, making them prohibitive to embed
> directly in the registration.
>
> Instead, I propose that there be a URL for authorizations and a URL for
> certificates for each registration. These URLs would return a JSON list
> of URLs for the relevant objects, and possibly a Link header with
> rel=next for pagination if the number of results is above a
> (server-configured) threshold. Pagination is a very common approach to
> large data sets in web services.
>

https://github.com/ietf-wg-acme/acme/blob/master/draft-ietf-acme-acme.md#registration-objects

It's already a URL, but paging isn't mentioned yet.

_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
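
A client-side sketch of the pagination proposed in the quoted message, as an added example that is not code from this thread, the ACME draft, or Let's Encrypt. The `ca.example` URLs, the `cursor` parameter and the canned responses are constructed, and the loop, origin and page-count guards are assumptions about what a careful client would enforce, not requirements stated in the proposal.

```python
import re
from urllib.parse import urljoin, urlsplit

# Constructed sample responses: URL -> (JSON list of object URLs, headers).
BASE = "https://ca.example/acme/reg/1/certificates"
PAGES = {
    BASE: (["https://ca.example/acme/cert/1", "https://ca.example/acme/cert/2"],
           {"Link": '<%s?cursor=2>; rel="next", '
                    '<https://ca.example/acme/reg/1>; rel="up"' % BASE}),
    BASE + "?cursor=2": (["https://ca.example/acme/cert/3"],
                         {"Link": "</acme/reg/1/certificates?cursor=3>; rel=next"}),
    BASE + "?cursor=3": (["https://ca.example/acme/cert/4"], {}),
    # Misbehaving pages, used to exercise the guards below.
    "https://ca.example/loop": ([], {"Link": '<https://ca.example/loop>; rel="next"'}),
    "https://ca.example/offsite": ([], {"Link": '<https://other.example/p2>; rel="next"'}),
}

def fake_fetch(url):
    """Stand-in for an HTTP GET; returns (list_of_urls, headers)."""
    return PAGES[url]

def next_link(headers, base_url):
    """Return the absolute rel=next target of a Link header, or None."""
    for target, params in re.findall(r"<([^>]*)>([^,]*)", headers.get("Link", "")):
        m = re.search(r';\s*rel\s*=\s*"?([^";]*)"?', params)
        if m and "next" in m.group(1).split():
            return urljoin(base_url, target)  # the target may be relative
    return None

def origin(url):
    parts = urlsplit(url)
    return (parts.scheme, parts.netloc)

def list_all(start_url, fetch=fake_fetch, max_pages=100):
    """Collect every URL of a paginated list, following rel=next defensively."""
    items, seen, url = [], set(), start_url
    while url is not None:
        if url in seen:
            raise ValueError("pagination loop at " + url)
        if origin(url) != origin(start_url):
            raise ValueError("rel=next leaves the CA origin: " + url)
        if len(seen) >= max_pages:
            raise ValueError("more than %d pages" % max_pages)
        seen.add(url)
        body, headers = fetch(url)
        items.extend(body)
        url = next_link(headers, url)
    return items
```
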
