On 09/19/2017 01:34 PM, Logan Widick wrote: > Would it be possible to extract the key and identifiers from the CSR, > add the key to the database if it doesn't already exist, find or > create the authorizations for the identifiers, not store the CSR, and > then assemble the certificate from the (valid) authorizations and key > later? Note that the size of the CSR for an RSA key is about half from the signature, and half from the key. So extracting the key would only save the size of the signature, about half. Also, this wouldn't solve the more important problem, the overhead of reviewing all authzs on all related orders on finalizing each authz, when an order may have a hundred or more authzs.
I support Daniel's proposal. _______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
