Hey ACME folks, I just updated the editor's draft to change the name of the "proof of possession of a prior key" challenge to "proof-of-possession-01" (from "proofOfPossession-01"). But that got me thinking -- do we actually need this challenge?
If I recall correctly, this was added to the initial version of the spec because some folks from Let's Encrypt thought that they would use it as an extra check for high-value domains with known, existing certificates. However, they don't seem to have gotten around to implementing it.

Is anyone aware of CAs out there that would use "proof-of-possession-01"? That is, CAs that keep track of existing certificates and require an applicant for a domain with an existing cert to prove that they hold the corresponding private key?

If not, maybe we can streamline the spec by removing that challenge type. It can always get re-added in a future spec if there turns out to be a need.

--Richard

_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
