One potential issue I can see with embedding certificates with the currently proposed format directly into orders are alternative chains. Chains usually do not change between orders, so they could be kept with separate URIs for cachability and less bloat in the order response.
e.g. "certificate": base64url(derEncodedCertificate), "chains": [ "https://.../chain";, "https://.../alternate-chain"; ] Regards, Niklas
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
