It's unclear to me whether an ACME CA is allowed to issue a cert with a superset of identifiers that were requested in the order. I see the language: > The server MUST return an error if it cannot fulfill the request as > specified, and MUST NOT issue a certificate with contents other than > those requested.
The “and MUST NOT” clause means that both parts are required to be true. So if you ask for A B and you are given A B C then the server was not compliant. _______________________________________________ Acme mailing list Acme@ietf.org https://www.ietf.org/mailman/listinfo/acme