> So my preference would be to remove the "csr" field from order objects,
> since it doesn't serve any purpose.

I agree. I don't think it makes sense to echo it back to the client that sent it. +1 to removing.

On Thu, Nov 30, 2017 at 4:01 PM, Jacob Hoffman-Andrews <[email protected]> wrote:
> On 11/30/2017 12:58 PM, Logan Widick wrote:
> > In the new finalizeURL approach to orders, do order objects need to
> > contain a CSR after a user attempted to finalize the order, or after
> > the order is finalized? Would the CA have to store the CSR after it's
> > posted, or after the certificate is issued?
> Good question. Previously, we expected that the CA had to store the CSR
> because it would need the public key in order to issue. With
> finalizeURL, we can get rid of that requirement. CAs are required to
> record CSRs in their audit logs, but there is no formal requirement to
> keep them in an online database. So my preference would be to remove the
> "csr" field from order objects, since it doesn't serve any purpose.
>
> Other thoughts?
>
> _______________________________________________
> Acme mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/acme
