Ryan Sleevi <[email protected]> wrote:
>> This seems to make the ACME server keep a bunch of state itself (across
>> multiple HTTPS/TLS connections), while I suspect that most of us would like
>> the client to be responsible for keeping that authorization around.
>>
>> Would you agree with this?
> I'm not sure I understand this. Isn't it already the case today that ACME
> servers necessarily need to track this state?
Yes, but not necessarily across TLS connections.
One connects, gets a challenge, sets it up (DNS or HTTP/S), waits for the
authorization check to complete, and sends an order.
I don't know what letsencrypt does, but my understanding is that I could do
all of this on the same connection, and afterward, aside from the certificate
that I append to a database, there are no other moving parts.
--
Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
