It's unclear to me whether an ACME CA is allowed to issue a cert with
    a superset of identifiers that were requested in the order. I see the
    language:
    
    > The server MUST return an error if it cannot fulfill the request as
    > specified, and MUST NOT issue a certificate with contents other than
    > those requested.

The “and MUST NOT” clause means that both parts are required to be true.  So if 
you ask for A B and you are given A B C then the server was not compliant.

_______________________________________________
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme

Reply via email to