Amir Omidi <[email protected]> wrote: > It is supposed to be. However there are clients that create a new account > for each certificate issuance attempt but they’re not following the spec.
Thank you: care to name names?
Do you know where/how certbot keeps this key?
(I'm thinking specifically, that this might wind up in a Secure Element or
TPM, and it ought to be the thing that any kind remote attestation is hung on)
> The account is how things like rate limit increases, or binding an account
> to an external service takes place.
I thought as much.
I don't think 8555 is very clear about:
1) that this key ought to be long-term.
2) that this key MUST NOT be the same as the CSR signing key.
I'll look again, and if appropriate I might file an errata.
--
Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
_______________________________________________ Acme mailing list -- [email protected] To unsubscribe send an email to [email protected]
