All, In a recent draft I created for using ACME for non-web-PKI verification [1] I see that there are many similarities with an earlier draft for email verification [2]. In that email protocol, the challenge token is split into two parts which arrive at the email validation agent through two paths: token-part1 via the validation channel, and token-part2 via the ACME channel. Is there a technical reason why the token is split into two parts like this? Is replying with the proper corresponding Key Authorization not sufficient to prove ownership of the email address? I don't see any similar challenge token splitting in other ACME drafts and I don't see anything obvious in [2] to indicate why the split is useful or needed. I also didn't see any related discussion earlier on the ACME mailing list. Thank you, Brian S.
[1] https://datatracker.ietf.org/doc/html/draft-sipos-acme-dtnnodeid-00 [2] https://datatracker.ietf.org/doc/html/draft-ietf-acme-email-smime-08
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
