Re: [Acme] AD review of draft-ietf-acme-acme

2017-09-22 Thread Clint Wilson
An additional 1/2 cent from me; we intend to use ACME primarily, if not solely, with non-DV certs.

On Fri, Sep 22, 2017, 2:51 PM Mary Barnes wrote:
> Just to throw in my 1/2 cent. We are using ACME for non-DV certificates
> in the ATIS/SIP Forum SHAKEN framework as

Re: [Acme] AD review of draft-ietf-acme-acme

2017-09-22 Thread Mary Barnes
Just to throw in my 1/2 cent. We are using ACME for non-DV certificates in the ATIS/SIP Forum SHAKEN framework as detailed in ATIS-180:

[Acme] AD review of draft-ietf-acme-acme

2017-09-22 Thread Kathleen Moriarty
Hello, Thank you to the editors and WG for your efforts on draft-ietf-acme-acme, it's a well written and easy to understand draft. I do have a few comments that need to be addressed by the editors and SHEPHERD. Please review the idnits. There are a few warnings that should be correctable and

Re: [Acme] Revisiting Proactive Issuance & new-order CSR

2017-09-22 Thread Daniel McCarney
RE: #1 - this does help, but will require changing the spec to clarify. The current wording does not support this behaviour and clearly indicates the server MUST issue for any order that has been satisfied.

RE: #2 - a CA relying on the new-authz flow to avoid the cost of accepting a CSR up front

Re: [Acme] Revisiting Proactive Issuance & new-order CSR

2017-09-22 Thread Martin Thomson
On Fri, Sep 22, 2017 at 4:40 AM, Richard Barnes wrote:
> Daniel noted that there might be some issues with GET idempotency here, but
> I don't think this actually makes GET non-idempotent.

It's still idempotent, because doing the GET twice has the same effect as doing it once. You