So there would need to be a new error type (possibly named something like "accountKeyCollision")?
If so, what would be the right HTTP code? 400 (Bad Request)? Or something else? On receiving the error, should the client either generate a different key to change to or use the account URL recovery mechanism? Would the desired response change if the key clash involved a deactivated account (whether by client or CA) instead of an active one?

On Thu, Apr 20, 2017 at 3:29 PM, Zach Shepherd <[email protected]> wrote:

> Given that account recovery is based on key (with or without #294
> <https://github.com/ietf-wg-acme/acme/issues/294>), it seems like
> allowing multiple accounts to coexist with the same key would be
> problematic.
>
> It also seems like attempting to create a second account with the same key
> would almost always indicate user- or client-error.
>
> Responding with an error seems best, but no existing error type seems
> appropriate.
>
> ------------------------------
> *From:* Acme <[email protected]> on behalf of Logan Widick <[email protected]>
> *Sent:* Thursday, April 20, 2017 9:35 AM
> *To:* ACME WG
> *Subject:* [Acme] Multiple Accounts with Same Key
>
> All,
>
> How should a server respond if a client is trying to perform an action
> that would result in multiple active accounts having the same account key?
> For example:
>
> - Sending a key-change request with a newKey that is already in use by
>   another account
> - (If https://github.com/ietf-wg-acme/acme/issues/294 is
>   merged into master) Sending a new-account request (that doesn't have the
>   new "recovery" field or has the new field set to false) with a key that is
>   already used by another account
>
> Should the server respond with an error code? Allow multiple accounts with
> the same key to coexist? Do something else?
>
> Sincerely,
>
> Logan Widick
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
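The collision check discussed in this thread, as an added example that is not part of the original messages or of any ACME implementation. It assumes the server rejects the request, uses the error name and 400 status floated above, keeps a deactivated account's key reserved, and compares keys by RFC 7638 thumbprint; `AccountStore`, the account URLs and the sample keys are hypothetical.

```python
import base64, hashlib, json

# Name and status floated in the thread; not a registered ACME error type.
COLLISION = (400, {"type": "accountKeyCollision",
                   "detail": "account key already in use"})
# RFC 7638 required members per key type.
REQUIRED = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}

def thumbprint(jwk):
    """RFC 7638 thumbprint, so extra members (kid, alg) cannot hide a clash."""
    members = {k: jwk[k] for k in REQUIRED[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    digest = hashlib.sha256(canonical.encode()).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()

class AccountStore:
    def __init__(self):
        self.owner = {}   # thumbprint -> account URL (at most one per key)
        self.status = {}  # account URL -> "valid" | "deactivated"
        self.key = {}     # account URL -> current thumbprint

    def new_account(self, url, jwk):
        tp = thumbprint(jwk)
        if tp in self.owner:
            return COLLISION  # body does not reveal which account owns the key
        self.owner[tp], self.key[url], self.status[url] = url, tp, "valid"
        return 201, {"status": "valid"}

    def key_change(self, url, new_jwk):
        tp = thumbprint(new_jwk)
        if self.owner.get(tp, url) != url:
            return COLLISION  # newKey already bound to a different account
        del self.owner[self.key[url]]  # release the old key on rotation
        self.owner[tp], self.key[url] = url, tp
        return 200, {"status": self.status[url]}

    def deactivate(self, url):
        # Assumption: the key stays reserved after deactivation, which is one
        # possible answer to the open question in the thread.
        self.status[url] = "deactivated"
        return 200, {"status": "deactivated"}

# Constructed sample keys (coordinates are placeholders, not real curve points).
KEY_A = {"kty": "EC", "crv": "P-256", "x": "AAAA", "y": "BBBB"}
KEY_B = {"kty": "EC", "crv": "P-256", "x": "CCCC", "y": "DDDD"}
KEY_C = {"kty": "EC", "crv": "P-256", "x": "EEEE", "y": "FFFF"}
```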
