> -----Original Message----- > From: Acme <[email protected]> On Behalf Of Ilari Liusvaara > > And it seems like that can be extended that to cases where ACME does not > require POP by just having the ACME server immediately accept the pseudo- > authorization.
I think if the server doesn't want PoP, they should just omit the challenge, instead of doing a pseudo-authorization. Including a "do nothing" authorization just to satisfy the protocol police has the risk of confusing people and making them think PoP has been performed when it hasn't. -Tim _______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
