On 03/31/2016 02:27 PM, Jacob Hoffman-Andrews wrote:
> I'd like to propose some changes to how we do account key roll-over. I
> think the current approach is too complex. The current version is
> included below for reference.
>
> Instead I'd like to propose:
>
> To update the key on a registration object, POST a double-signed JOSE
> object to the registration URL, with the field "key" containing the new
> key, in JWK format.
>
> The double-signed object should have two signatures: one from the old
> key, and one from the new key. This ensures that the key rollover is
> authorized by the existing account holder, and also proves that the
> requester possesses the private key corresponding to the new key.
>
> What do you all think?
>
> Relatedly, since we are introducing a self-signature to prove possession
> of the new key, we probably want to introduce the same guarantee on
> initial account creation. One easy way to achieve this would be to
> require that the "jwk" field be provided in the protected header, rather
> than in the protected or unprotected header as is allowed today.

I've posted a PR for this change, tweaked slightly to use a separate
resource: https://github.com/ietf-wg-acme/acme/pull/139.
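The double-signed rollover object proposed in the quoted message, with the server-side check that both the registered key and the new key signed it, as an added example that is not part of the thread or of the ACME draft. It assumes ES256 (P-256) keys and the JWS JSON serialization with a `signatures` array; all function names are hypothetical, and nonce and URL handling are left out.

```javascript
// Added example: double-signed key rollover (ES256, JWS JSON serialization).
// All function names are hypothetical; keys are generated on the fly.
const crypto = require('crypto');

const b64u = (data) => Buffer.from(data).toString('base64url');
const fromB64u = (s) => JSON.parse(Buffer.from(s, 'base64url').toString());
const newKeyPair = () => crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });

// One entry of the JWS "signatures" array over the shared payload.
function signEntry(privateKey, payload) {
  const prot = b64u(JSON.stringify({ alg: 'ES256' }));
  const sig = crypto.sign('sha256', Buffer.from(`${prot}.${payload}`),
    { key: privateKey, dsaEncoding: 'ieee-p1363' }); // raw r||s, as JWS requires
  return { protected: prot, signature: b64u(sig) };
}

// Client: payload carries the new key as a JWK; old and new keys both sign it.
function buildRollover(oldPriv, newPriv, newPubJwk) {
  const payload = b64u(JSON.stringify({ key: newPubJwk }));
  return { payload, signatures: [signEntry(oldPriv, payload), signEntry(newPriv, payload)] };
}

// True if some signature entry verifies under the given public JWK.
function signedBy(jws, jwk) {
  try {
    const pub = crypto.createPublicKey({ key: jwk, format: 'jwk' });
    return jws.signatures.some((s) => fromB64u(s.protected).alg === 'ES256' &&
      crypto.verify('sha256', Buffer.from(`${s.protected}.${jws.payload}`),
        { key: pub, dsaEncoding: 'ieee-p1363' }, Buffer.from(s.signature, 'base64url')));
  } catch { return false; } // malformed key or header: treat as not signed
}

// Server: returns the new JWK only if the registered key authorized the change
// and the requester proved possession of the new key; otherwise null.
function acceptRollover(jws, registeredJwk) {
  if (!Array.isArray(jws.signatures) || jws.signatures.length !== 2) return null;
  let newJwk;
  try { newJwk = fromB64u(jws.payload).key; } catch { return null; }
  if (!newJwk) return null;
  return signedBy(jws, registeredJwk) && signedBy(jws, newJwk) ? newJwk : null;
}

// Constructed demo: a valid rollover, then one where the old key did not sign.
const [acct, next, other] = [newKeyPair(), newKeyPair(), newKeyPair()];
const nextJwk = next.publicKey.export({ format: 'jwk' });
const acctJwk = acct.publicKey.export({ format: 'jwk' });
console.log(acceptRollover(buildRollover(acct.privateKey, next.privateKey, nextJwk), acctJwk) !== null);
console.log(acceptRollover(buildRollover(other.privateKey, next.privateKey, nextJwk), acctJwk) !== null);
```

A request that names a new key without a signature from its private key is rejected in the same way as one that lacks the old key's signature.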
