In reviewing a PR today noting that a client can find the account URI for a key pair using a new-account request with an empty payload [1], Jacob and I thought it might be a little more robust to use an explicit signal. I've posted a PR that adds a "recovery" field to indicate to the server that it should not create an account if one does not exist already. Which is a little ironic in a request to an endpoint designed to create an account, but saves us creating a whole new endpoint.
https://github.com/ietf-wg-acme/acme/pull/296 Please let me know if you have any comments on the approach here. Thanks, --Richard
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
