On Tue, 26 Jul 2016 23:03:18 +0200 Richard Barnes <[email protected]> wrote:
> Given those trade-offs, I wonder if some sort of intermediate approach > would be better. The best thing that's come to me so far is to fork > the application process: > > - Add an "identifiers" field to the application object > - Each application MUST have exactly one of "csr" and "identifiers" > - If "csr" is present, then do what's in the draft now > - If "identifiers" is present, then do the same dance, but don't > issue the certificate > > Does that sound sane to folks? It still seems slightly gross to me, > because of the switching based on the presence of fields. Anyone have > better ideas? This seems sane, and better than option 1. The switching is gross, but perhaps it can be made less gross with this logic: - "identifiers" MUST be present. - "csr" MAY be present. - If "csr" is present, its identifiers MUST match "identifiers". - A certificate will only be issued if "csr" is present. Regards, Andrew _______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
