Re: [Acme] Default to PEM with chain for certificates

2016-10-25 Thread Jacob Hoffman-Andrews
I've updated https://github.com/ietf-wg-acme/acme/pull/194 to reflect the Link: rel="alternate" concept. Are there any further comments on this change? I'd like to get it merged by the Monday draft deadline.
On 10/12/2016 03:22 PM, Jacob Hoffman-Andrews wrote:
> On 10/02/2016 08:49 AM, Richard

Re: [Acme] Default to PEM with chain for certificates

2016-10-03 Thread Richard Barnes
I appreciate the sentiment. It seems morally right that the PKI should be that simple. But in practice, it's not. That's why the world needs tools like Ubiquity that have full scoring algorithms: https://godoc.org/github.com/cloudflare/cfssl/ubiquity
On Sun, Oct 2, 2016 at 9:15 PM, Andrew

Re: [Acme] Default to PEM with chain for certificates

2016-09-26 Thread Hugo Landau
> One of the most common ACME deployment failures observed in practice is for servers to be configured to serve only the end-entity certificate, without the intermediate certificates. This is a particularly pernicious problem because some browsers will still trust the resulting

[Acme] Default to PEM with chain for certificates

2016-09-26 Thread Jacob Hoffman-Andrews
One of the most common ACME deployment failures observed in practice is for servers to be configured to serve only the end-entity certificate, without the intermediate certificates. This is a particularly pernicious problem because some browsers will still trust the resulting one-certificate