Having the token also lets the validation server operator specify which names the key is being authorized for. I might have a virtual hosting box with 200 names on it; I don't want to authorize any given key for all of them.

On Mon, Mar 21, 2016 at 12:51 PM, Ilari Liusvaara <[email protected]> wrote:

> On Mon, Mar 21, 2016 at 09:42:38AM +0100, Philipp Junghannß wrote:
> > hello, I have a little proposal:
> >
> > https://github.com/ietf-wg-acme/acme/issues/88
> >
> > in short, I see not THAT much reason to use a completely random string for
> > the challenges, I think it would be better to just use your account key.
> > the only thing random keys are is increase annoyance when you cannot work
> > automatically (try manually posting 14 challenges from SSH to your web
> > folder and you'll get my point)
>
> Yes, I agree that using account keys would be better. However, the CA
> requirements (set by CAB Forum) for validation either require:
>
> - Random string
> - Hash of final key to issue (which wouldn't work in ACME due to
>   authorize-issue design).
>
>
> -Ilari
>
> _______________________________________________
> Acme mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/acme
