On Sun, 17 Jul 2016 19:38:40 -0700 Andrew Ayer <[email protected]> wrote:
> > [[ Open issue: There are two possible behaviors for the CA here. > > Either (a) the CA automatically issues once all the requirements are > > fulfilled, or (b) the CA waits for confirmation from the client that > > it should issue. If we allow both, we will need a signal in the > > application object of whether confirmation is required. I would > > prefer that auto-issue be the default, which would imply a syntax > > like "confirm": true ]] > > I favor auto-issuance as the only option, for client simplicity. It was noted in Berlin that the SSLMate API requires explicit confirmation to issue. The reason why is that SSLMate doesn't have challenges as a separate concept, so in SSLMate the step to issue is also the step to verify domain ownership. ACME already has separate challenges which need explicit completion, which is why I think an explicit step to issue would be redundant for ACME. _______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
