Hi, On 24/04/18 17:30, Richard Barnes wrote: >> 8.3. HTTP Challenge >> >> On receiving a response, the server constructs and stores the key >> authorization from the challenge "token" value and the current client >> account key. >> >> I'm not sure this storage step is necessary, or even visible in the >> protocol operation. (E.g., the server can calculate the key >> authorization at any time that it needs to know the value.) So you >> might want to remove this sentence. >> > There's no harm in storing it; servers can make their own decisions.
Storing the key authorization avoids interference between a pending authorization and an account key roll-over. Best, Sophie _______________________________________________ Acme mailing list Acme@ietf.org https://www.ietf.org/mailman/listinfo/acme