On Tuesday, August 16, 2016, Martin Thomson <[email protected]> wrote:
> On 17 August 2016 at 06:48, Richard Barnes <[email protected]> wrote: > > a. Infer the certificate type from the CSR. For example, if the Subject > in > > the CSR has (C, O, CN), infer that the applicant wants EV. > > b. Have a field in the new-application request that the client can use to > > indicate what type of certificate, e.g., {"certType": "ev"} to indicate > EV. > > c. Have a field in the new-application request that indicates which CA > the > > applicant would like to issue the certificate, e.g., {"ca": > > "identifier-for-CA"}. > > Or have entirely separate ACME endpoints for the DV and EV CA. i.e., > https://acme.example/dv will issue DV certs, and > https://acme.example/ev will issue EV certs. > Yes, that's possible. In particular, you probably want to share new-reg and new-authz, but not new-app. So it's kind of isomorphic to (c); you just provide different new-app endpoints per CA, de mixing with URL instead of a request parameter.
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
