An additional 1/2 cent from me; we intend to use ACME primarily, if not
solely, with non-DV certs.
On Fri, Sep 22, 2017, 2:51 PM Mary Barnes
wrote:
> Just to throw in my 1/2 cent. We are using ACME for non-DV certificates
> in the ATIS/SIP Forum SHAKEN framework as
Just to throw in my 1/2 cent. We are using ACME for non-DV certificates in
the ATIS/SIP Forum SHAKEN framework as detailed in ATIS-180:
Hello,
Thank you to the editors and WG for your efforts on
draft-ietf-acme-acme, it's a well written and easy to understand
draft. I do have a few comments, that need to be address by the
editors and SHEPHERD.
Please review the idnits. There are a few warnings that should be
correctable and
RE: #1 - this does help, but will require changing the spec to clarify. The
current wording does not support this behaviour and cleary indicates the
server MUST issue for any order that has been satisfied.
RE: #2 - a CA relying on the new-authz flow to avoid the cost of accepting
a CSR up front
On Fri, Sep 22, 2017 at 4:40 AM, Richard Barnes wrote:
> Daniel noted that there might be some issues with GET idempotency here, but
> I don't think this actually makes GET non-idempotent.
It's still idempotent, because doing the GET twice has the same effect
as doing it once. You