Hi folks,

There is a slight disconnect with the current specification between identifiers in newOrder/newAuthz requests and identifiers in authorization objects. The former is allowed to include wildcard domains in the value of DNS type identifiers while the latter is forbidden.

Let's Encrypt's implementation of ACME wildcard issuance guessed this might lead to confusion and introduced a non-standardized "Wildcard" boolean field in authorization objects. If true, then the identifier value in the authorization identifier is known to be the base domain corresponding to a wildcard identifier from the newOrder/newAuthz request.

I think it would be beneficial to the entire ecosystem if this optional "wildcard" authz field could be standardized so I've sent a small PR: https://github.com/ietf-wg-acme/acme/pull/402

Both Certbot and ACME4J have independently bumped into this disconnect, which helps justify the need.

- Daniel / cpu
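
Added example, not part of the original message and not code from Let's Encrypt, Certbot or ACME4J: a client-side check that pairs each authorization object with the order identifier it covers by reading the "wildcard" field described above. The JSON objects, URLs and function names are constructed for illustration, and the lowercase field name "wildcard" is assumed from the post's proposal.

```python
def order_identifier_for(authz):
    """Return the newOrder identifier value that this authorization covers."""
    ident = authz["identifier"]
    if ident["type"] != "dns":
        raise ValueError("only dns identifiers are handled in this example")
    value = ident["value"].lower()
    # Authorization objects are forbidden from carrying a wildcard value.
    if value.startswith("*."):
        raise ValueError("wildcard value in authorization identifier: " + value)
    # The field is optional: an absent field means a non-wildcard authorization.
    if authz.get("wildcard", False) is True:
        return "*." + value
    return value


def match_order(order_identifiers, authzs):
    """Map each order identifier value to exactly one authorization object."""
    wanted = {i["value"].lower() for i in order_identifiers}
    matched = {}
    for authz in authzs:
        name = order_identifier_for(authz)
        if name not in wanted:
            raise ValueError("authorization for a name not in the order: " + name)
        if name in matched:
            raise ValueError("two authorizations claim the same name: " + name)
        matched[name] = authz
    missing = wanted - matched.keys()
    if missing:
        raise ValueError("no authorization for: " + ", ".join(sorted(missing)))
    return matched


# Constructed sample: one order asking for a base domain and its wildcard.
ORDER_IDENTIFIERS = [
    {"type": "dns", "value": "example.com"},
    {"type": "dns", "value": "*.example.com"},
]
# Both authorizations carry the same identifier value; only the flag differs.
AUTHZS = [
    {"url": "https://acme.example/authz/1",
     "identifier": {"type": "dns", "value": "example.com"}},
    {"url": "https://acme.example/authz/2",
     "identifier": {"type": "dns", "value": "example.com"}, "wildcard": True},
]

if __name__ == "__main__":
    for name, authz in sorted(match_order(ORDER_IDENTIFIERS, AUTHZS).items()):
        print(name, "->", authz["url"])
```

If the server omits the field, both authorizations above resolve to "example.com" and the match fails as a duplicate, which is the disconnect the message describes.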
