Re: [Acme] Agreement integrity checksum

2015-12-15 Thread Richard Barnes
Thanks for the PR! I agree that having an integrity hash is overkill, and we should focus on advising CAs. That said, the considerations for how CAs track agreements are very much specific to each CA, so I'm hesitant to have MUST-level requirements. If you change it to a SHOULD, then I think

Re: [Acme] Agreement integrity checksum

2015-12-15 Thread Niklas Keller
2015-12-15 17:27 GMT+01:00 Richard Barnes:
> Thanks for the PR! I agree that having an integrity hash is overkill,
> and we should focus on advising CAs.
>
> That said, the considerations for how CAs track agreements are very
> much specific to each CA, so I'm hesitant to have

Re: [Acme] Agreement integrity checksum

2015-12-08 Thread Ángel González
Michael Tandy wrote:
>
> 6. People are already writing client software; maybe it's too late to
> update the spec for such a marginal improvement.
>
> What do you think?

If we don't fix it now, a few years later we will not having changed it now that it still is "not too late". IMHO the spec

Re: [Acme] Agreement integrity checksum

2015-12-08 Thread Martin Thomson
Two comments: Echoing an etag would be easier. SHA-512 is overkill.

On 9 December 2015 at 10:15, Michael Tandy wrote:
> Currently in the new-reg stage, the client POSTs a signed message, which may
> contain the URI of a user agreement. If the content of the URL changes, the