Agreed. The removal greatly simplifies the protocol. As you noted, the addition of the "application requirements" achieves the same intended result.
On Wed, Aug 17, 2016 at 12:41 PM, Richard Barnes <[email protected]> wrote: > SGTM. I never like "combinations" much anyway :) I put one editorial > comment in the PR. > > > On Wed, Aug 17, 2016 at 2:22 PM, Jacob Hoffman-Andrews <[email protected]> > wrote: > >> https://github.com/ietf-wg-acme/acme/pull/171 >> >> This is a fairly complicated part of the protocol, and not used in >> practice. For instance, in Let's Encrypt's implementation, there are >> always three challenges, any one of which may be fulfilled by the client. >> >> After this change, all challenges are considered to be combined with an >> "OR." That is, any challenge within an authorization may be completed to >> make the authorization valid. >> >> Authorizations within the new-application object are considered to be >> combined with an "AND." That is, all of them must become valid before >> the certificate will be issued. The combination of the two means that we >> have similar expressiveness as before, even without the combinations >> array. >> >> Thoughts? >> >> _______________________________________________ >> Acme mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/acme >> > > > _______________________________________________ > Acme mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/acme > >
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
