> On Jul 6, 2016, at 11:01, Richard Barnes <[email protected]> wrote: > > In preparation for the impending draft deadline, I'm trying to finalize close > this out. It seems like there's some positive reaction to the "revise the > flow" idea, so I wanted to make a concrete proposal: > > 1. Add a section specifying the order of operations for the client: > - Register if you haven't done so before > - Send a new-cert request > - Get back preconditions; satisfy them > - Retry the new-cert request > 2. Remove the new-authz URL
I like this flow, the precondition system is much cleaner than having the client figure out what authorizations are needed and strictly better in cases like wildcards, renewals, and multi-SAN certs. Once you have preconditions, there is no reason to have multiple paths through the API to do the same thing, so removing new-authz makes a lot of sense. +1 Jonathan _______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
