Right now, the dns-01, http-01, and tls-sni-02 challenges require a payload containing the keyAuthorization. However, there isn't any need for this. For these challenges, the client only needs to convey "I am ready to respond to the validation requests." The server is capable of calculating, and should calculate, the keyAuthorization on its own.
Removing this would mean that triggering validation for one of these three challenge types would consist of POSTing a signed, empty payload to the challenge URL. Thoughts on removing the keyAuthorization field from challenge POSTs? We would of course still be using the keyAuthorization to produce the value returned via HTTP, TLS, or DNS requests.

_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
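The post's argument rests on the server already holding everything it needs: the challenge token it issued and the account key that signs the POST. The following is an added illustration, not code from the post or from any ACME implementation, of a server deriving the keyAuthorization itself and checking what it observes over HTTP or DNS against that value. It assumes the ACME construction of keyAuthorization as token || "." || base64url(JWK thumbprint of the account key), the RFC 7638 thumbprint (required members only, lexicographic order, no whitespace, SHA-256), and the dns-01 TXT value as base64url(SHA-256(keyAuthorization)); tls-sni-02 is left out. The account key and token are constructed placeholders, not real key material.

```python
import base64
import hashlib
import hmac
import json
import re

# Constructed account key for illustration only: the modulus is a placeholder
# string in the base64url alphabet, not a real RSA key.
CONSTRUCTED_ACCOUNT_JWK = {
    "kty": "RSA",
    "n": "example-modulus-not-a-real-key",
    "e": "AQAB",
    "alg": "RS256",  # extra member; RFC 7638 excludes it from the thumbprint
}

# Members that RFC 7638 feeds into the thumbprint, per key type.
_THUMBPRINT_MEMBERS = {
    "RSA": ("e", "kty", "n"),
    "EC": ("crv", "kty", "x", "y"),
}

# ACME tokens are base64url characters; a '.' would make the
# token/thumbprint split of the key authorization ambiguous.
_TOKEN_RE = re.compile(r"^[A-Za-z0-9_-]+$")


def b64url(data: bytes) -> str:
    """Base64url without padding, as ACME uses for all of these values."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def canonical_jwk(jwk: dict) -> str:
    """RFC 7638 canonical form: required members only, sorted, no whitespace."""
    members = _THUMBPRINT_MEMBERS[jwk["kty"]]
    return json.dumps({m: jwk[m] for m in members}, sort_keys=True, separators=(",", ":"))


def jwk_thumbprint(jwk: dict) -> str:
    """base64url(SHA-256(canonical JWK)) per RFC 7638."""
    return b64url(hashlib.sha256(canonical_jwk(jwk).encode("utf-8")).digest())


def key_authorization(token: str, account_jwk: dict) -> str:
    """keyAuthorization = token || '.' || thumbprint(account key).

    Both inputs are already known to the server, which is the point of the
    proposal: the client never has to send this value back.
    """
    if not _TOKEN_RE.match(token):
        raise ValueError("token must be base64url characters with no '.'")
    return f"{token}.{jwk_thumbprint(account_jwk)}"


def http01_expected_body(token: str, account_jwk: dict) -> str:
    """http-01 serves the key authorization itself as the response body."""
    return key_authorization(token, account_jwk)


def dns01_expected_txt(token: str, account_jwk: dict) -> str:
    """dns-01 publishes base64url(SHA-256(keyAuthorization)) in a TXT record."""
    digest = hashlib.sha256(key_authorization(token, account_jwk).encode("ascii")).digest()
    return b64url(digest)


def server_check_http01(token: str, account_jwk: dict, observed_body: str) -> bool:
    """Compare the fetched body (trailing whitespace ignored) in constant time."""
    expected = http01_expected_body(token, account_jwk).encode("ascii")
    return hmac.compare_digest(expected, observed_body.strip().encode("utf-8"))


def server_check_dns01(token: str, account_jwk: dict, observed_txt_values) -> bool:
    """Accept if any TXT value at the validation name matches the expected digest."""
    expected = dns01_expected_txt(token, account_jwk).encode("ascii")
    return any(hmac.compare_digest(expected, v.encode("utf-8")) for v in observed_txt_values)


if __name__ == "__main__":
    # Constructed token; a real server would generate it with a CSPRNG.
    token = "constructed-token-value"
    print("keyAuthorization:", key_authorization(token, CONSTRUCTED_ACCOUNT_JWK))
    print("http-01 body    :", http01_expected_body(token, CONSTRUCTED_ACCOUNT_JWK))
    print("dns-01 TXT      :", dns01_expected_txt(token, CONSTRUCTED_ACCOUNT_JWK))
```

The `server_check_*` functions take only the token, the account key from the signed POST, and whatever was observed during validation, so a client that POSTs an empty payload loses nothing; a client-supplied keyAuthorization would at best be redundant and at worst something the server has to validate against its own computation anyway.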
