This overspecifies things. When someone requests to create a new authorization object (or requests to create a new order object that would necessitate creation of new authorization objects), it is up to server policy whether to reuse an existing authorization or not. For instance a server might have a policy of never reusing authorization objects (that is, doing validation from scratch every time), or it might have a policy of reusing only pending authorization objects, or only ones created in the last N hours or days.
So I think we should not accept this errata as it stands.
_______________________________________________ Acme mailing list Acme@ietf.org https://www.ietf.org/mailman/listinfo/acme