Here you go: https://github.com/ietf-wg-acme/acme/pull/220
On Fri, Dec 2, 2016 at 2:14 PM, Richard Barnes <[email protected]> wrote:

> On Fri, Dec 2, 2016 at 1:30 PM, Jacob Hoffman-Andrews <[email protected]>
> wrote:
>
>> > Richard Barnes wrote:
>> >> An implementation such as you describe would also violate the semantics of
>> >> the "authorization" field. The authorizations listed are supposed to be
>> >> those that the CA used to issue the certificate. Note the past tense
>> >> there; these are the authorizations that were considered at the time of
>> >> issuance, not now. So replacing them with updated ones is not helpful.
>> Okay, I'm convinced that the server should take steps to make sure the
>> list is immutable, however:
>>
>> On 11/29/2016 08:25 PM, Fraser Tweedale wrote:
>> > I see no reason why clients should be burdened (by way of ``MUST'')
>> > with detecting a condition that will not arise with compliant
>> > servers, and is unlikely to cause practical issues if it does occur
>> > after a certificate has been issued.
>> I agree with this. This makes sense as a server requirement rather than
>> a client requirement.
>
> Yep, sounds good to me. I'm going to merge #208, then handle this as a
> follow-on. Expect a PR shortly.
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
