> Does it make sense for the server to be allowed to return multiple exclusive sets of authorizations that could lead to issuance, in order to avoid knowledge of the issuance rules in the client?
This makes sense, but I think it would add a fair amount of complexity for uncertain benefit. I'd rather not do this. _______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
