Re: [Acme] New draft and DANGER

> Please review the PR as soon as possible and provide comments to the > list. Other issues or text suggestions for the draft are, of course, also > welcome. It can be useful to open an issue on the GH repo, so that things don't get lost. But please everyone, avoid the temptation to have all

Re: [Acme] New draft and DANGER

Dear WG, I opened a few PRs over the weekend that address recently-raised issues: * "Address signature reuse vulnerability" - https://github.com/ietf-wg-acme/acme/pull/6 * "Address default virtual host risks" - https://github.com/ietf-wg-acme/acme/pull/7 * "Add explicit versioning to challenges"

Re: [Acme] New draft and DANGER

On Mon, Sep 28, 2015 at 12:01 PM, Richard Barnes wrote: > Dear WG, > > * "Add explicit versioning to challenges" - > https://github.com/ietf-wg-acme/acme/pull/8 > > ​I'm not sure this quite right. If I understand the proposal correctly,

Re: [Acme] New draft and DANGER

On Mon, Sep 28, 2015 at 4:43 PM, Ted Hardie wrote: > On Mon, Sep 28, 2015 at 12:01 PM, Richard Barnes wrote: >> >> Dear WG, >> >> * "Add explicit versioning to challenges" - >> https://github.com/ietf-wg-acme/acme/pull/8 >> > > I'm not sure this quite right. If

Re: [Acme] New draft and DANGER

On 28 September 2015 at 13:43, Ted Hardie wrote: > I'm not sure this quite right. If I understand the proposal correctly, when > a client sees http-01 but understands only http-00, the idea that one is > related to the other has no meaning, as the client can only respond to >