On Mon, Jun 26, 2017 at 5:11 PM, Jacob Hoffman-Andrews <[email protected]> wrote:
> On 06/07/2017 05:50 AM, Rifaat Shekh-Yusef wrote: > > What is the expected behavior of the server if the client sends the > > certificate issuance request after it sends the pre-authorization > > request but > > before it completes the pre-authorization process? > By "certificate issuance request," I assume you mean the "new-order" > request? Yes > The server would create an order object with one or more > authorizations objects that need to be fulfilled. My point is that the pre-authorization request (i.e. new-authz) would have already created a pending authorization object with the challenges for the client. I am assuming that when the server responds to the new-order request, it would provide the same challenges provided in the new-authz request; correct? In any case, I think this should be clearly specified in the document. > Once those > authorizations became valid, the server would issue the certificate. In > other words, this is equivalent to the default flow without > pre-authorization. > > > Also, since the pre-authorization process is expected to deal with > > multiple > > servers/endpoints requesting certificates, should this process be > enhanced > > to support bulk requests? > I don't understand this question. Can you clarify? What sort of > enhancement are you imagining? > What I have in mind for this is that ACME client might be representing more than one entity when it is using the pre-authorization procedure, as specified in section 7.4.1. The use case I have in mind is to use this pre-authorization mechanism for a client to issue certificates for large number of *endpoints*. Instead of sending a new-authz request per endpoint, it might be useful to allow the client to send one request for a list of endpoints. Regards, Rifaat > > Nits: > Filed an issue: https://github.com/ietf-wg-acme/acme/issues/330 >
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
