Hi,
while implementing certificate revocation in an ACME client, I noticed
that the current ACME draft is very vague about errors to return when
revocation fails. The draft says "If the revocation fails, the server
returns an error."
t
default value, i.e. the default is to do what the ACME server already
did before), and a formulation which suggests the server SHOULD respect
this parameter. I think the name "includeroot" is fine, but it could
also be "include-root" or something different.
Are there any opinions
Hi Richard,
> I was able to upgrade the lego client in a pretty short patch (5 files
> changed, 26 insertions(+), 16 deletions(-)) [0]. It interoperates
> with Daniel's branch of pebble.
you were faster :) I've adjusted Ansible's acme_certificate module to
also work with Daniel's branch in
Hi,
while looking at POST-as-GET support for account URLs, I noticed that
draft-ietf-acme-acme-15 mentions an error called "malformedRequest" in
two places (w.r.t. POST-as-GET), while the error is simply called
"malformed" in the list in Section 6.7. I think this is an oversight
and they should
Hi,
I've noticed that there are two stray "Accept: application/pkix"
headers in examples where they don't make sense (as the answer is
application/json):
- Section 7.5 (Identifier Authorization), top of page 50
- Section 7.5.1 (Responding to Challenges), top of page 53
I think they have been
Hello,
> On 8/30/18 7:55 AM, Richard Barnes wrote:
> > Focusing on DISCUSS comment for now, will pick up COMMENTs later.
> >
> > On your DISCUSS, I think you're off on a couple of small things
>
>
> Yeah, I woke up with the sudden realization that I'd had the wrong
> model in my head when I
Hi,
> > > [...] Secondly, the entropy requirement
> > > prevents ACME clients from implementing a "naive" validation
> > > server that automatically replies to challenges without
> > > participating in the creation of the initial authorization
> > > request.
> > >
> > > IMPORTANT: I'm not
Hi,
> > > > > > [...] Secondly, the entropy requirement
> > > > > > prevents ACME clients from implementing a "naive"
> > > > > > validation server that automatically replies to challenges
> > > > > > without participating in the creation of the initial
> > > > > > authorization request.
>