Thanks for the PR! I agree that having an integrity hash is overkill,
and we should focus on advising CAs.
That said, the considerations for how CAs track agreements are very
much specific to each CA, so I'm hesitant to have MUST-level
requirements. If you change it to a SHOULD, then I think
2015-12-15 17:27 GMT+01:00 Richard Barnes :
> Thanks for the PR! I agree that having an integrity hash is overkill,
> and we should focus on advising CAs.
>
> That said, the considerations for how CAs track agreements are very
> much specific to each CA, so I'm hesitant to have
Michael Tandy wrote:
>
> 6. People are already writing client software; maybe it's too late to
> update the spec for such a marginal improvement.
>
> What do you think?
If we don't fix it now, a few years later we will not having changed it
now that it still is "not too late".
IMHO the spec
Two comments: Echoing an etag would be easier. SHA-512 is overkill.
On 9 December 2015 at 10:15, Michael Tandy wrote:
> Currently in the new-reg stage, the client POSTs a signed message, which may
> contain the URI of a user agreement. If the content of the URL changes, the