> It seems what we'd really want for that is the ability to query for all current authorisations and to be able to revoke them even if you aren't in possession of the account key that obtained them (but are in possession of the key which most recently performed authz).
Another way to achieve this: We could specify that getting a new authorization for a domain invalidates all previous authorizations for that domain. That way, if your account key is compromised, you create a new key and re-authorize all the domains you previously had. This has the advantage of not requiring any new operations.
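
A toy server-side model of the rule proposed in the message above, added here as an illustration and not part of the original message or of any ACME implementation. The names `AuthzRegistry` and `rotate_account_key` and the key and domain values are hypothetical, and challenge validation is assumed to have already succeeded. It also reports which domains are still authorized under the old key after a rotation, which is what an operator would check.

```python
from dataclasses import dataclass, field


def _norm(domain: str) -> str:
    """Compare names case-insensitively and without a trailing dot."""
    return domain.lower().rstrip(".")


@dataclass
class AuthzRegistry:
    """Hypothetical store: each domain has at most one valid authorization."""
    current: dict = field(default_factory=dict)     # domain -> account key id
    superseded: list = field(default_factory=list)  # (domain, old key id) audit trail

    def authorize(self, domain: str, account_key: str) -> None:
        """Record a new authorization; it invalidates any previous one for the domain."""
        domain = _norm(domain)
        previous = self.current.get(domain)
        if previous is not None and previous != account_key:
            self.superseded.append((domain, previous))
        self.current[domain] = account_key

    def is_authorized(self, domain: str, account_key: str) -> bool:
        return self.current.get(_norm(domain)) == account_key

    def domains_for(self, account_key: str) -> list:
        return sorted(d for d, k in self.current.items() if k == account_key)


def rotate_account_key(registry, old_key, new_key, revalidated_domains):
    """Re-authorize domains under new_key; return those old_key still holds.

    Under the proposed rule only re-authorized domains are taken away from
    the compromised key, so a non-empty result means recovery is incomplete.
    """
    for domain in revalidated_domains:
        registry.authorize(domain, new_key)
    return registry.domains_for(old_key)


if __name__ == "__main__":
    reg = AuthzRegistry()
    # Constructed sample data: three domains authorized under the old key.
    for name in ("example.com", "www.example.com", "mail.example.com"):
        reg.authorize(name, "key-old")
    # Only two of them are re-authorized after the key is replaced.
    remaining = rotate_account_key(
        reg, "key-old", "key-new", ["example.com", "WWW.example.com."])
    print("still authorized under old key:", remaining)
    print("superseded:", reg.superseded)
```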
