Hi Richard,

Take a look at the following exchange with Jacob:
https://www.ietf.org/mail-archive/web/acme/current/msg02085.html

I think the draft should be clear on the response when the server reuses an existing pending authorization:

1. Is it still 201 Created, or should it be 200 OK?
2. Would the payload include the "challenges" object as per the response to the /new-authz request, or would the payload still include the "authorization" object as per the response to the /new-order?

Regards,
Rifaat

On Tue, Jul 18, 2017 at 11:44 AM, Richard Barnes <[email protected]> wrote:

> On Fri, Jun 23, 2017 at 3:33 PM, Rifaat Shekh-Yusef <[email protected]> wrote:
>
>> I do not believe that I got an answer to my pre-authorization question here:
>> https://www.ietf.org/mail-archive/web/acme/current/msg01991.html
>>
>> What would be the response of the server if the client sends the
>> certificate issuance request after it sends the pre-authorization request
>> but before it completes the pre-authorization process?
>>
>> Would the server reply with the same challenges it provided in the
>> response to the pre-authorization request?
>
> Hey Rifaat,
>
> Sorry for missing this. I think the short answer is that it's up to the
> server. Either way, the server is instructing the client to fulfill
> certain instructions. I don't think this really needs much specification;
> the most would be a recommendation that the server should re-use existing
> pending challenges.
>
> --Richard
>
>> Regards,
>> Rifaat
>>
>> On Wed, Jun 21, 2017 at 3:20 PM, Ted Hardie <[email protected]> wrote:
>>
>>> Howdy,
>>>
>>> We'd like to start a short working group last call on the changes made
>>> in response to the previous last call. It will end June 28th, 2017, any
>>> time zone (to accommodate any changes needed before the draft deadline the
>>> following Monday).
>>>
>>> Please review carefully, but please respect the discussions which have
>>> already been held by focusing on new issues or new information about the
>>> issues that have been resolved.
>>>
>>> thanks,
>>>
>>> Ted, Rich, (and now) Yoav
>>>
>>> ---------- Forwarded message ----------
>>> From: <[email protected]>
>>> Date: Wed, Jun 21, 2017 at 12:00 PM
>>> Subject: [Acme] I-D Action: draft-ietf-acme-acme-07.txt
>>> To: [email protected]
>>> Cc: [email protected]
>>>
>>> A New Internet-Draft is available from the on-line Internet-Drafts
>>> directories.
>>> This draft is a work item of the Automated Certificate Management
>>> Environment of the IETF.
>>>
>>>     Title    : Automatic Certificate Management Environment (ACME)
>>>     Authors  : Richard Barnes
>>>                Jacob Hoffman-Andrews
>>>                James Kasten
>>>     Filename : draft-ietf-acme-acme-07.txt
>>>     Pages    : 74
>>>     Date     : 2017-06-21
>>>
>>> Abstract:
>>>    Certificates in PKI using X.509 (PKIX) are used for a number of
>>>    purposes, the most significant of which is the authentication of
>>>    domain names. Thus, certificate authorities in the Web PKI are
>>>    trusted to verify that an applicant for a certificate legitimately
>>>    represents the domain name(s) in the certificate. Today, this
>>>    verification is done through a collection of ad hoc mechanisms. This
>>>    document describes a protocol that a certification authority (CA) and
>>>    an applicant can use to automate the process of verification and
>>>    certificate issuance. The protocol also provides facilities for
>>>    other certificate management functions, such as certificate
>>>    revocation.
>>>
>>> The IETF datatracker status page for this draft is:
>>> https://datatracker.ietf.org/doc/draft-ietf-acme-acme/
>>>
>>> There are also htmlized versions available at:
>>> https://tools.ietf.org/html/draft-ietf-acme-acme-07
>>> https://datatracker.ietf.org/doc/html/draft-ietf-acme-acme-07
>>>
>>> A diff from the previous version is available at:
>>> https://www.ietf.org/rfcdiff?url2=draft-ietf-acme-acme-07
>>>
>>> Please note that it may take a couple of minutes from the time of
>>> submission until the htmlized version and diff are available at
>>> tools.ietf.org.
>>>
>>> Internet-Drafts are also available by anonymous FTP at:
>>> ftp://ftp.ietf.org/internet-drafts/
>>>
>>> _______________________________________________
>>> Acme mailing list
>>> [email protected]
>>> https://www.ietf.org/mailman/listinfo/acme
