On Tue, 9 Aug 2016 16:55:00 -0700 Jacob Hoffman-Andrews <[email protected]> wrote:
> > I don't think there's a risk of interoperability problems if the > > protocol supports both applications and new-authz. All clients will > > need to support both applications and authorizations in any case. > > The only difference in workflow is whether the authorization is > > retrieved by POSTing to the new-authz endpoint, or by GETing a URL > > specified in the application object. > > Given the above, how would SSLMate support POSTing to a new-authz > endpoint? It wouldn't support that endpoint. According to RLB's pull request, the server can omit it from its directory if it's not supported. This means that clients can't rely on the server offering this endpoint. Although there is a risk of half-baked implementations assuming all servers support it, it seems unlikely that many would make this mistake. All clients have to go through the new-app workflow anyways, and it's easier to just let the server create authorizations for you. Regards, Andrew _______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
