On Wed, Oct 25, 2017 at 4:40 AM, Prasheel Soni <[email protected]> wrote:
> Hi Devs, > > I recently tried to implement the 'new-order' process in Node.JS and came > across several confusions which are required to be cleared before we can > move on: > Hi Prasheel, In case it's helpful, here's my node.js implementation of an earlier draft of ACME: https://github.com/bifurcation/rocket-skates You can also look at the Go implementation that Let's Encrypt is working on: https://github.com/letsencrypt/pebble > 1. Are authorization resources created only when a new-order request comes > to the server or they are stored in the database and returned when a > new-order request id encountered? > You're going to want to store them in a database either way. If you're going to support new-order, you should be prepared to create authorizations in response to a new-order request. > 2. If the resources are created in runtime, then how do I proceed? Should > I first create challenge resources in challenges table and then create > authorization resources or vice-versa? > That's up to your internal architecture. You should ensure that each challenge is associated to a a unique authorization. > 3. Is it defined or mentioned somewhere that how many authorizations > should be sent to a client in response to a new-order request? > That's up to the server's policy. Typically, there would be one authorization per identifier in the CSR. > 4. Is it defined or mentioned somewhere that how many challenges should be > there in an authorization and what should be their types? > That's up to the server's policy. Typically, the server offers whatever challenges it considers to be sufficient to prove authorization. > 5. Do we consider an authorization as valid when the client validates even > one of the challenges sent to him? > Yes. "... a server should consider any one of the challenges sufficient to make the authorization valid" https://ietf-wg-acme.github.io/acme/draft-ietf-acme-acme.html#rfc.section.7.1.4 > I have just started to study ACME and thought to implement it. Any help on > any of these questions will be really appreciable and helpful. > Good luck! --Richard > > Thanks in advance!! > > Regards > *Prasheel* > > > > > > _______________________________________________ > Acme mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/acme > >
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
