Hi Sophie,

> I noted that the examples in "7.4. Applying for Certificate Issuance" are
> still using CSRs.


Good catch! I'll submit a PR to address this oversight this afternoon.


> Further, I didn't find explicit coverage of the case that there is a valid
> authorization (say via new-authz) at the time of posting a new-order.
> Should the server return "authorizations: valid" in this case and does
> that imply the client can proceed with finalization immediately?


That's my understanding. If a client uses the new-authz preauth flow to
obtain a valid authz for "example.com" with ID "https://acme.inc/authz/1234",
and then submits a new-order for identifiers `["example.com"]` I would
expect the server to return an order with
`"authorizations": ["https://acme.inc/authz/1234"]`. When the client GETs each of the Authz IDs
it will see all are `state: valid`, no challenges need POSTing, and
finalization of the order can occur.

> Having mentioned new-authz: The definition of new-authz is now a subset of
> new-order. Is there any reason to keep the new-authz resource at all? Would
> there be any difference in using new new-order with the exact same query
> without finalizing it?


I agree with you that it seems like the new-authz flow is unnecessary - I
believe Jacob Hoffman-Andrews has previously argued it shouldn't be
included in the spec. Let's Encrypt does not intend to implement it at all
for their new order-based API endpoint.

If someone has a use-case for the new-authz flow that isn't addressed by
new-order with finalization they should speak up in-thread - otherwise I
vote it be removed.

- Daniel / cpu



On Tue, Dec 5, 2017 at 6:07 PM, Sophie Herold <[email protected]>
wrote:

> Hi,
>
> I noted that the examples in "7.4. Applying for Certificate Issuance"
> are still using CSRs.
>
> Further, I didn't find explicit coverage of the case that there is a
> valid authorization (say via new-authz) at the time of posting a
> new-order. Should the server return "authorizations: valid" in this case
> and does that imply the client can proceed with finalization immediately?
>
> Having mentioned new-authz: The definition of new-authz is now a subset
> of new-order. Is there any reason to keep the new-authz resource at all?
> Would there be any difference in using new new-order with the exact same
> query without finalizing it?
>
> Best,
> Sophie
>
> _______________________________________________
> Acme mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/acme
>
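
The flow described in the reply above, as an added example that is not part of the original thread: a client-side check that fetches each authorization listed in an order and decides whether challenges still need answering or finalization can proceed. The `plan_order` helper, the sample objects and the second authz URL are constructed for illustration; the `status` and `expires` field names follow RFC 8555.

```python
from datetime import datetime, timezone

# Constructed sample data: authz 1234 was validated earlier (preauth flow),
# authz 5678 is a hypothetical second authorization that is still pending.
AUTHZ_STORE = {
    "https://acme.inc/authz/1234": {
        "identifier": {"type": "dns", "value": "example.com"},
        "status": "valid",
        "expires": "2018-01-05T00:00:00Z",
    },
    "https://acme.inc/authz/5678": {
        "identifier": {"type": "dns", "value": "www.example.com"},
        "status": "pending",
        "expires": "2018-01-05T00:00:00Z",
    },
}


def plan_order(order, fetch_authz, now):
    """Return ("finalize", []) when every authz in the order is valid and
    unexpired, else ("challenge", [authz URLs that still need a challenge])."""
    pending, covered = [], set()
    for url in order["authorizations"]:
        authz = fetch_authz(url)  # stands in for a GET of the authz URL
        status = authz["status"]
        expires = datetime.fromisoformat(authz["expires"].replace("Z", "+00:00"))
        if status == "valid" and expires > now:
            covered.add(authz["identifier"]["value"])
        elif status == "pending":
            pending.append(url)
        else:
            # invalid, deactivated, revoked, or valid but past its expiry
            raise ValueError(
                f"authz {url} is not usable "
                f"(status {status}, expires {authz['expires']})"
            )
    if pending:
        return "challenge", pending
    # Sanity check before finalizing: the valid authzs must cover every
    # identifier the order asks for.
    wanted = {ident["value"] for ident in order["identifiers"]}
    missing = wanted - covered
    if missing:
        raise ValueError(f"no valid authz for: {sorted(missing)}")
    return "finalize", []
```
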