On 07/07/2017 06:42 AM, Richard Barnes wrote:
> C) Instead of using *key* authorizations, use *account*
> authorizations. Instead of the object being of "token.H(key)", make
> it "token.H(account-url)".

I like this in principle, and wish we'd adopted it several months ago. At this point, I think it's too big a change for too little benefit. The "bind keyAuthorization at challenge creation" approach has the benefit that most clients will not even notice the change. It only makes a difference when key rollover and long-term pending challenges are in play, which is pretty uncommon.
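The rollover case described in the message above, as an added example that is not part of the original post or of any ACME implementation. It assumes H is base64url-encoded SHA-256, that a server without binding recomputes the expected value from the account's current key, and it uses a constructed token, account URL, and JWK values that are not real keys.

```python
import base64, hashlib, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def jwk_thumbprint(jwk: dict) -> str:
    # RFC 7638: SHA-256 over the required members only, sorted, no whitespace.
    members = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}[jwk["kty"]]
    canonical = json.dumps({m: jwk[m] for m in members},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode()).digest())

def key_authorization(token: str, jwk: dict) -> str:
    return token + "." + jwk_thumbprint(jwk)

def account_authorization(token: str, account_url: str) -> str:
    # Option C from the quoted text; H is an assumption (SHA-256, base64url).
    return token + "." + b64url(hashlib.sha256(account_url.encode()).digest())

class Account:
    def __init__(self, url: str, jwk: dict):
        self.url, self.jwk = url, jwk

def new_challenge(account: Account, token: str) -> dict:
    # "Bind at creation": the expected value is stored with the pending challenge.
    return {"token": token, "bound": key_authorization(token, account.jwk)}

def expected_values(account: Account, challenge: dict) -> dict:
    # What the server compares the provisioned response against, per approach.
    return {
        "recomputed": key_authorization(challenge["token"], account.jwk),
        "bound": challenge["bound"],
        "account": account_authorization(challenge["token"], account.url),
    }

def rollover_scenario() -> dict:
    # Constructed sample data: not real keys, token, or account URL.
    old = {"kty": "EC", "crv": "P-256", "x": "b2xkLXg", "y": "b2xkLXk"}
    new = {"kty": "EC", "crv": "P-256", "x": "bmV3LXg", "y": "bmV3LXk"}
    acct = Account("https://ca.example/acme/acct/1", old)
    chall = new_challenge(acct, "constructed-token-123")
    provisioned = key_authorization(chall["token"], acct.jwk)  # published by client
    provisioned_c = account_authorization(chall["token"], acct.url)
    acct.jwk = new  # key rollover while the challenge is still pending
    exp = expected_values(acct, chall)
    return {"recomputed": exp["recomputed"] == provisioned,
            "bound": exp["bound"] == provisioned,
            "account": exp["account"] == provisioned_c}
```

`rollover_scenario()` reports, per approach, whether a response provisioned before the rollover still matches what the server expects afterwards.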
