On 8 August 2016 at 12:39, Richard Barnes <r...@ipv.sx> wrote: > So I'm honestly not that convinced that we need versioning at all here. > Maybe we could get away with just versioning the directory? (As I think the > original issue proposed :) )
I believe that it was PHB who requested this originally, the rationale being that you might create a new version of the same resource/request that looked similar, but had different semantics. Rather than rely on having us (in all our possible future incarnations) not doing that, a version indicator would make signatures invalid. If that is a requirement that you accept, then a much simpler scheme than the one you wrote up is possible. Versioning the directory isn't sufficient to achieve that goal though. The first part of your PR would work though: include a version, and require that it be checked. _______________________________________________ Acme mailing list Acme@ietf.org https://www.ietf.org/mailman/listinfo/acme