Hi, On 07/01/18 16:50, Ilari Liusvaara wrote: >> 4. >> >> The status of this challenge. Possible values are: "pending", >> "valid", and "invalid". >> >> Again no definition of the meaning. I think the server should reflect if >> the challenge has been 'responded' by the client. This would need an >> extra field like "processing" or "validating". > > Well, authorization that has not been responded to is "pending". > Authorization that is is "processing/validating", "valid" or "invalid".
Yes, but I was talking about challenges, not authorizations. I think, eventually this part should be fixed: challenges (required, array of objects): For pending authorizations, the challenges that the client can fulfill in order to prove possession of the identifier. For final authorizations (in the "valid" or "invalid" state), the challenges that were used. The authorization status of 'processing' is not covered here. The server can forget about the other challenges as soon as the authorization is no longer pending i.e. 'processing'. Trying another challenge after failure isn't allowed anyways. If there is only one challenge remaining, it is clear that this is the one, that is validated/processed by the server. Best, Sophie _______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
