> In the WGLC thread, Russ asked: > >> In Section 6.5, should the example use different challenges for "http-01", >> "tls-sni-02", and "dns-01"? > (https://ietf-wg-acme.github.io/acme/#rfc.section.6.5) > > I assume you meant "token" here, and no, I think the token can be the same > across multiple challenges for the same authorization. Boulder (Let's > Encrypt's implementation) doesn't currently do this, but will in the future. > If you think there's a risk in this, please let us know!
I do not think it is a risk with the authorizations that have been defined. I was wondering about a situation where a client make a mistake. If a client tries to fulfill one of the authorizations and for some reason is unable to do so completely, and then moves to another authorization, can the half-done first authorization cause a problem. Russ _______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
