Hi,

I am exploring the idea of using ACME for issuing certificates for
endpoints using the Pre-Authorization process, and I have a question about
that process.

I reviewed the editor's version published May 22, 2017.


Section 7.4.1, Pre-Authorization, states that after the client sends a
request and receives a valid response, the client would then follow
the process of Section 7.5, Identifier Authorization. This seems to assume
that the client will be able to complete the authorization process before
it sends the certificate issuance request, and without the involvement of
the virtual server (or endpoint in my case).

What is the expected behavior of the server if the client sends the
certificate issuance request after it sends the pre-authorization request
but before it completes the pre-authorization process?

Also, since the pre-authorization process is expected to deal with multiple
servers/endpoints requesting certificates, should this process be enhanced
to support bulk requests?


Nits:

* Section 7.3.5, first paragraph, second line:
  A "bind" word is missing between the words "to" and "an"


* Section 7.4.1,
  - second paragraph, second sentence: "case" should be "cases".
  - When the server builds the authorization object, the document is
    stating that the response would include "challenges" and "combinations".
    Remove the "combinations" as it is not being used.

* Section 7.5.1, the Request URIs in the examples:
  Should not this be /acme/authz/1234/0?


Regards,
 Rifaat
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme