On 10/09/2018 11:53 AM, Jacob Hoffman-Andrews wrote:
Also, I would add a caveat that this type of URL design is only
necessary for properties that the CA considers secret. For instance,
Let's Encrypt does not consider its number of accounts secret, and
assigns serially incrementing IDs to account URLs.
I'll send a PR later today tweaking this section.
Here's a PR improving the correlations section of security concerns:
https://github.com/ietf-wg-acme/acme/pull/463
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
