Briefly looking at the flows of section 5 I do have the following
questions/comments.

       | POST /challenge            |           |
       |--------------------------->|           |
       |                            | Verify    |
       |                            |---------->|
       | 200 status=valid           |           |
       |<---------------------------|           |


I believe the 200 response is the response to the POST /challenge
extrapolating the POST-as-GET to the order resource.
My understanding is that the purpose of the POST is to indicate the
challenge can be checked by the ACME server. It has a challenge url as well
as an empty JSON payload {}.
The POST-as-GET purpose would be to check the status of the authorization
resource. It has a new-order url and a void payload.

If the 200 status=valid is a response to a POST /challenge, I am wondering
if that is a common practice for an ACME server to delay the response of a
POST /challenge and to have the client inferring the 200 status=valid will
be reflected in the authorization and later in the order with a
status=ready or valid, assuming the order requires a single
authorization. When multiple authorizations are involved, the ACME client
would need to keep track of those. I might also have missed this in 8555.


I do have a similar question regarding the finalize order exchange.


Beginning of page 12, given the text on page 11, and the introduction to
step 2, it seems maybe clearer to set the status of the authorization
object to "valid".

STEP 2:

"""
 As an authorization object already exists for the parent ADN of the
   Domain Namespace, the server replies with an order object with a
   status of "valid" that includes a link to the existing "valid"
   authorization object.
"""

I have the impression an order has its status set to valid once the
certificate has been issued. In STEP 2, my understanding is that
authorization has been validated and the order has not been finalized, so I
would have expected a status set to ready.

I have the same issue in STEP 3.

Yours,
Daniel

-- 
Daniel Migault
Ericsson
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
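
For reference alongside the status questions raised in the message above, this is an added example (not part of the original message, the draft, or any ACME implementation) that models the order status rules of RFC 8555, section 7.1.6, including the case of several authorizations per order. All function names and the ca.example URLs are assumptions made for the illustration.

```python
# Added illustration of the order status rules in RFC 8555, section 7.1.6.
# All names here are hypothetical; this is not code from an ACME library.

AUTHZ_FAILED = {"invalid", "expired", "revoked", "deactivated"}


def order_status(authzs, finalize_requested=False, certificate_issued=False):
    """Derive the order status from its authorizations and finalize progress.

    authzs maps an authorization URL to that authorization's status.
    """
    statuses = list(authzs.values())
    if any(s in AUTHZ_FAILED for s in statuses):
        return "invalid"      # a failed authorization invalidates the order
    if any(s != "valid" for s in statuses):
        return "pending"      # at least one authorization still outstanding
    if not finalize_requested:
        return "ready"        # all authorizations valid, no CSR submitted yet
    return "valid" if certificate_issued else "processing"


def outstanding(authzs):
    """Authorization URLs the client still has to poll with POST-as-GET."""
    return sorted(url for url, s in authzs.items() if s == "pending")


# Constructed sample: an order covering two identifiers.
authzs = {
    "https://ca.example/authz/1": "valid",    # e.g. a reused, already valid authz
    "https://ca.example/authz/2": "pending",  # challenge not yet validated
}

if __name__ == "__main__":
    print(order_status(authzs), outstanding(authzs))
    authzs["https://ca.example/authz/2"] = "valid"
    print(order_status(authzs))
    print(order_status(authzs, finalize_requested=True))
    print(order_status(authzs, finalize_requested=True, certificate_issued=True))
```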
