I think the draft is in very good shape. Unfortunately I didn't have as much time to go through it as I would have liked, but I did find two things that are probably worth fixing:
1. "ACME clients SHOULD send a User-Agent header" I think there's no value in omitting it, so it should be changed to a MUST. 2. Using the same key pair for both the account key pair and the certificate key pair is a really bad idea. This should either be mentioned in the Operational Considerations, or banned outright. -Tim
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Acme mailing list Acme@ietf.org https://www.ietf.org/mailman/listinfo/acme