On Sun, Aug 21, 2016 at 8:32 PM, Jacob Hoffman-Andrews <[email protected]> wrote:

> On 08/21/2016 04:31 PM, Richard Barnes wrote:
> > How about this as a compromise proposal: Have the JWS header contain
> > *both* the account URL and the account public key.  That way you get
> > fast rejection based on crypto failures, and you also get protection
> > against any issues related to relying on public keys alone.
> This doesn't achieve the goal of making sure that ACME servers are
> validating based on account data they already have, rather than
> validating based on a key provided in the request.
>

What do you mean by "validating"?

There are two types of validation to do here:
1. Validating that the signature on the message is good
2. Validating that the key belongs to the right account for this request

You can do the first of these without any knowledge of the account status
of a key.  Doesn't require any database lookup if you provide the key in
the header.  There's no harm to doing this validation without knowing
whether the key is good, and there's benefit in rejecting bad signatures
quickly.

--Richard
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
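To make the two kinds of validation in Richard's message concrete, here is an added example (written for this page, not code from Boulder, from any ACME server, or from the ACME draft) of a server-side check for a JWS whose protected header carries both the account URL and the account public key, as in the compromise proposal. Stage 1 checks the ES256 signature using only the "jwk" in the header, so a bad signature is rejected with no database lookup; stage 2 then binds that key to the account named by "kid" using the server's own stored account data, which is the check Jacob is asking for. The account store, the account URLs, the request URL and the payloads are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
)

// Hypothetical two-stage ACME JWS verifier; assumes P-256 keys and ES256 only.
type JWK struct {
	Kty string `json:"kty"`
	Crv string `json:"crv"`
	X   string `json:"x"`
	Y   string `json:"y"`
}

type Header struct {
	Alg string `json:"alg"`
	KID string `json:"kid"`           // account URL
	JWK *JWK   `json:"jwk,omitempty"` // account public key
	URL string `json:"url"`
}

type JWS struct { // flattened JSON serialization
	Protected string `json:"protected"`
	Payload   string `json:"payload"`
	Signature string `json:"signature"`
}

var (
	ErrMissingJWK     = errors.New("protected header has no jwk")
	ErrBadSignature   = errors.New("signature does not verify under header jwk")
	ErrUnknownAccount = errors.New("kid does not name a known account")
	ErrKeyMismatch    = errors.New("header jwk is not the key registered for kid")
)

var b64 = base64.RawURLEncoding

func NewKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// coord encodes a P-256 coordinate as a fixed-width 32-byte base64url string.
func coord(i *big.Int) string { return b64.EncodeToString(i.FillBytes(make([]byte, 32))) }

func ToJWK(pub *ecdsa.PublicKey) JWK {
	return JWK{Kty: "EC", Crv: "P-256", X: coord(pub.X), Y: coord(pub.Y)}
}

func fromJWK(j JWK) (*ecdsa.PublicKey, error) {
	if j.Kty != "EC" || j.Crv != "P-256" {
		return nil, fmt.Errorf("unsupported jwk type %s/%s", j.Kty, j.Crv)
	}
	x, errX := b64.DecodeString(j.X)
	y, errY := b64.DecodeString(j.Y)
	if errX != nil || errY != nil {
		return nil, fmt.Errorf("bad coordinate encoding")
	}
	pub := &ecdsa.PublicKey{Curve: elliptic.P256(), X: new(big.Int).SetBytes(x), Y: new(big.Int).SetBytes(y)}
	if !pub.Curve.IsOnCurve(pub.X, pub.Y) {
		return nil, fmt.Errorf("point not on curve")
	}
	return pub, nil
}

// Sign produces an ES256 JWS over payload with hdr as the protected header.
func Sign(priv *ecdsa.PrivateKey, hdr Header, payload []byte) (JWS, error) {
	hdr.Alg = "ES256"
	hb, err := json.Marshal(hdr)
	if err != nil {
		return JWS{}, err
	}
	protected, body := b64.EncodeToString(hb), b64.EncodeToString(payload)
	digest := sha256.Sum256([]byte(protected + "." + body))
	r, s, err := ecdsa.Sign(rand.Reader, priv, digest[:])
	if err != nil {
		return JWS{}, err
	}
	sig := append(r.FillBytes(make([]byte, 32)), s.FillBytes(make([]byte, 32))...)
	return JWS{Protected: protected, Payload: body, Signature: b64.EncodeToString(sig)}, nil
}

// Verify runs both stages. Stage 1 uses only what the request carries, so a
// forged or damaged signature is rejected before any account lookup. Stage 2
// decides whether the key is the one the server registered for kid; a valid
// signature under some other key is an authorization failure, not a crypto one.
func Verify(jws JWS, accounts map[string]JWK) (Header, error) {
	var hdr Header
	hb, err := b64.DecodeString(jws.Protected)
	if err != nil {
		return hdr, err
	}
	if err := json.Unmarshal(hb, &hdr); err != nil {
		return hdr, err
	}
	if hdr.JWK == nil {
		return hdr, ErrMissingJWK
	}
	if hdr.Alg != "ES256" {
		return hdr, fmt.Errorf("unsupported alg %q", hdr.Alg)
	}
	// Stage 1: signature check against the header key, no database involved.
	pub, err := fromJWK(*hdr.JWK)
	if err != nil {
		return hdr, err
	}
	sig, err := b64.DecodeString(jws.Signature)
	if err != nil || len(sig) != 64 {
		return hdr, ErrBadSignature
	}
	digest := sha256.Sum256([]byte(jws.Protected + "." + jws.Payload))
	r, s := new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])
	if !ecdsa.Verify(pub, digest[:], r, s) {
		return hdr, ErrBadSignature
	}
	// Stage 2: bind the key to the account using stored data, not the request.
	stored, ok := accounts[hdr.KID]
	if !ok {
		return hdr, ErrUnknownAccount
	}
	storedPub, err := fromJWK(stored)
	if err != nil || !storedPub.Equal(pub) { // compare points, not encodings
		return hdr, ErrKeyMismatch
	}
	return hdr, nil
}

func main() {
	alice, mallory := NewKey(), NewKey()
	kid := "https://acme.example/acct/1" // constructed account URL
	accounts := map[string]JWK{kid: ToJWK(&alice.PublicKey)}
	ak := ToJWK(&alice.PublicKey)
	hdr := Header{KID: kid, URL: "https://acme.example/new-order", JWK: &ak}
	good, _ := Sign(alice, hdr, []byte(`{"identifiers":[{"type":"dns","value":"example.com"}]}`))
	_, err := Verify(good, accounts)
	fmt.Println("legitimate request:", err)
	// Mallory signs with her own key and names Alice's account: stage 1 passes, stage 2 rejects.
	mk := ToJWK(&mallory.PublicKey)
	hdr.JWK = &mk
	forged, _ := Sign(mallory, hdr, []byte(`{}`))
	_, err = Verify(forged, accounts)
	fmt.Println("key substitution:", err)
	// Tampered payload: rejected at stage 1, so a nil account store is never consulted.
	good.Payload = b64.EncodeToString([]byte(`{}`))
	_, err = Verify(good, nil)
	fmt.Println("tampered payload:", err)
}
```

The key-substitution case is the one that matters for the thread: the request is perfectly well signed, so a server that stopped at stage 1 would accept it, and only the comparison against the stored account key catches it. Stage 2 compares decoded curve points rather than the JWK strings so that a client encoding the same key with different padding or whitespace is not wrongly rejected. For context, the published ACME specification (RFC 8555) ended up requiring exactly one of "jwk" and "kid" in the protected header rather than both, with the server fetching the account key by "kid" for all requests except new-account and revoke-cert.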
