Taking a look at this, I wonder a bit if we are not over-using 403. At the moment we use 403 and a reason for pre-auth failure, ToS failure, and now for algorithm signature mismatch. That's a lot of different bike sheds covered with the same paint. Maybe that uniformity is good, but, especially in this last case, I think a regular 400 + reason code is a closer fit (it's not really "forbidden"; it's "fix your syntax").
Is there a strong reason to see this as "forbidden" that I'm not seeing?

(As an individual, in case that's not clear)

Ted

On Tue, Nov 29, 2016 at 1:00 PM, Richard Barnes <[email protected]> wrote:

> As I was chatting with someone about ACME today, I noticed a minor
> problem: The choice of JWS signing algorithm is made by the client, but it
> has to choose an algorithm that the server supports. I just posted a PR
> that enables the server to refuse a JWS because it doesn't like the
> signature algorithm, and indicate in the error what algorithms it would
> prefer.
>
> https://github.com/ietf-wg-acme/acme/pull/218
>
> _______________________________________________
> Acme mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/acme
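The server-side check this thread is about, as an added example (not code from the thread, the PR, or any ACME implementation): the `alg` in the JWS protected header is tested against an allowlist before any signature verification, and a rejection lists the algorithms the server accepts. It uses status 400, the `badSignatureAlgorithm` error type and the `algorithms` field as later published in RFC 8555; the allowlist, function names and sample requests are assumptions constructed for illustration.

```python
import base64
import json

# Assumption: illustrative server policy. Only asymmetric algorithms are
# listed, so "none" and HMAC algorithms are rejected by omission.
SUPPORTED_ALGS = ("ES256", "ES384", "RS256")
BAD_ALG_TYPE = "urn:ietf:params:acme:error:badSignatureAlgorithm"
MALFORMED_TYPE = "urn:ietf:params:acme:error:malformed"


def b64url_decode(data):
    """Decode unpadded base64url as used in JWS."""
    return base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))


def check_jws_alg(flattened_jws, supported=SUPPORTED_ALGS):
    """Return None if the alg is acceptable, else (status, problem document).

    Meant to run before signature verification, so an unsupported or
    missing alg never reaches the crypto layer.
    """
    try:
        header = json.loads(b64url_decode(flattened_jws["protected"]))
        alg = header["alg"]
    except (KeyError, ValueError, TypeError):
        return 400, {"type": MALFORMED_TYPE,
                     "detail": "JWS protected header missing or unparsable"}
    if not isinstance(alg, str) or alg not in supported:
        # Tell the client what to retry with instead of a bare refusal.
        return 400, {"type": BAD_ALG_TYPE,
                     "detail": "JWS signature algorithm not supported",
                     "algorithms": list(supported)}
    return None


def sample_jws(alg):
    """Constructed request body (hypothetical URL and nonce, no real signature)."""
    header = json.dumps({"alg": alg, "nonce": "constructed-nonce",
                         "url": "https://acme.example/new-order"})
    protected = base64.urlsafe_b64encode(header.encode()).rstrip(b"=").decode()
    return {"protected": protected, "payload": "", "signature": ""}


if __name__ == "__main__":
    for alg in ("ES256", "HS256", "none"):
        print(alg, check_jws_alg(sample_jws(alg)))
```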
