Richard, I have reviewed both PRs on Github; I've only minor comments on the PoP challenge removal; r+ (assuming consensus).
One observation that I do have regarding the 'account-mgmt' link is that the placement of this URI in the directory means that it is only useful for recovery scenarios as it is not customizable; In non-recovery scenarios, it could be a useful thing after a signed request, to instead give back a URI that contains a one-time value that would help tie a browser session to a given account key. I don't see a good endpoint for such a thing at present, so the hour is probably too late for such a change. My $0.02, - J.C. 2016-03-21 3:14 GMT+01:00 Richard Barnes <[email protected]>: > >> Hey all, >> >> I've published a two PRs that I think should be non-controversial, but >> they're significant enough that I wanted to run them by the group. I would >> appreciate it if you could take a look and give a quick thumbs up / thumbs >> down in Github (at the indicated URIs). If you have any substantive >> comments, please reply in this thread. >> >> #101 Remove proof-of-possession challenge >> https://github.com/ietf-wg-acme/acme/pull/101 >> >> #102 Replace in-band account recovery with `meta` >> https://github.com/ietf-wg-acme/acme/pull/102 >> >> I'm happy to hold any of these if they need more discussion, but if >> there's no disagreement before the I-D deadline at midnight UTC, I'll go >> ahead and merge them before I post -02. >> >> Thanks, >> --Richard >> >> >> _______________________________________________ >> Acme mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/acme >> >> > > _______________________________________________ > Acme mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/acme > >
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
