Re: [Acme] Removing OOB Challenge Type

2017-11-30 Thread Andrew Ayer
No objections here. Regards, Andrew On Thu, 30 Nov 2017 10:22:56 -0800 Jacob Hoffman-Andrews wrote: > I agree with this change. It's a good plan to not try and pre-specify > things like OOB that aren't on anyone's roadmap, because that leaves > the space open for a better specification once som

Re: [Acme] Question about the new finalizeURL approach, and the order object format after finalizeURL

2017-11-30 Thread Jacob Hoffman-Andrews
On 11/30/2017 02:53 PM, Tim Hollebeek wrote: > My recollection from various CA/Browser discussions is that CAs are *not* > actually required to keep around CSRs. Am I wrong? I may be misremembering. I thought they were required to log proof of the subscriber's possession of the private key, but yo

Re: [Acme] Question about the new finalizeURL approach, and the order object format after finalizeURL

2017-11-30 Thread Tim Hollebeek
My recollection from various CA/Browser discussions is that CAs are *not* actually required to keep around CSRs. Am I wrong? Most CAs do, because it is the easiest way to log proof of possession of the private key, and because it is useful for a variety of other auditing activities, but other met

Re: [Acme] Question about the new finalizeURL approach, and the order object format after finalizeURL

2017-11-30 Thread Jacob Hoffman-Andrews
On 11/30/2017 02:34 PM, Richard Barnes wrote: > As Jacob points out, CAs are already required to keep around CSRs in > audit logs. You missed an important nuance: CAs are not required to keep around CSRs in an online database for live querying on the web. It is much more expensive to store a CSR i

Re: [Acme] Question about the new finalizeURL approach, and the order object format after finalizeURL

2017-11-30 Thread Richard Barnes
I would like to keep it around. Part of the idea of the order and authorization objects is to provide some possibility of accounting for how a certificate was issued. Removing the "csr" would remove some of that transparency. As Jacob points out, CAs are already required to keep around CSRs in a

Re: [Acme] Question about the new finalizeURL approach, and the order object format after finalizeURL

2017-11-30 Thread Daniel McCarney
> > So my preference would be to remove the "csr" field from order objects, > since it doesn't serve any purpose. I agree. I don't think it makes sense to echo it back to the client that sent it. +1 to removing. On Thu, Nov 30, 2017 at 4:01 PM, Jacob Hoffman-Andrews wrote: > On 11/30/2017 12:

Re: [Acme] Question about the new finalizeURL approach, and the order object format after finalizeURL

2017-11-30 Thread Jacob Hoffman-Andrews
On 11/30/2017 12:58 PM, Logan Widick wrote: > In the new finalizeURL approach to orders, do order objects need to > contain a CSR after a user attempted to finalize the order, or after > the order is finalized? Would the CA have to store the CSR after it's > posted, or after the certificate is issu

[Acme] Question about the new finalizeURL approach, and the order object format after finalizeURL

2017-11-30 Thread Logan Widick
In the new finalizeURL approach to orders, do order objects need to contain a CSR after a user attempted to finalize the order, or after the order is finalized? Would the CA have to store the CSR after it's posted, or after the certificate is issued? From the text, I assume that the body of the f

Re: [Acme] Removing OOB Challenge Type

2017-11-30 Thread Jacob Hoffman-Andrews
I agree with this change. It's a good plan to not try and pre-specify things like OOB that aren't on anyone's roadmap, because that leaves the space open for a better specification once someone wants to implement it. On 11/30/2017 09:39 AM, Clint Wilson wrote: > > I agree with the reasoning and de

Re: [Acme] Removing OOB Challenge Type

2017-11-30 Thread Clint Wilson
I agree with the reasoning and decision to remove this. While I think it's possible for this challenge type to become useful in the future, I don't have any justification for keeping it in in the meantime. As Daniel notes, it's straightforward to add it back if needed. On Thu, Nov 30, 2017, 10:25

Re: [Acme] Removing OOB Challenge Type

2017-11-30 Thread Daniel McCarney
> Daniel, please do not merge this until we determine WG consensus Of course :-) I don't have any merge privileges! On Thu, Nov 30, 2017 at 11:42 AM, Salz, Rich wrote: > Does anyone disagree with Daniel’s reasoning? If so, please speak up > before next Friday. > > > > Daniel, please do not me

Re: [Acme] Removing OOB Challenge Type

2017-11-30 Thread Salz, Rich
Does anyone disagree with Daniel’s reasoning? If so, please speak up before next Friday. Daniel, please do not merge this until we determine WG consensus. ___ Acme mailing list Acme@ietf.org https://www.ietf.org/mailman/listinfo/acme

[Acme] Removing OOB Challenge Type

2017-11-30 Thread Daniel McCarney
Hi folks, In a previous thread[0] surveying ACME implementations two commercial CAs (BuyPass and DigiCert) outlined that their ACME integrations use external account binding but **not** the Out-of-Band (OOB) challenge type. As Clint from DigiCert points out[1] having a binding with an external ac