It's unclear to me whether an ACME CA is allowed to issue a cert with
a superset of identifiers that were requested in the order. I see the
language:
> The server MUST return an error if it cannot fulfill the request as
> specified, and MUST NOT issue a certificate with contents other than
> those requested.
The “and MUST NOT” clause means that both parts are required to be true. So if
you ask for A B and you are given A B C then the server was not compliant.
_______________________________________________
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme
