On 10/02/2016 08:40 AM, Richard Barnes wrote:
> the need to provide a valid signature provided some minimal validation
> of the request that could be performed totally statelessly by the server.
This would only filter out requests that are otherwise well-formed, but
have a bad signature, which are
I am inclined to think that this is a good change, on the basis that
it means that the server is minting the identifiers that the client
uses. I think that Jacob is probably understating the potential for
bugs here. And key canonicalization is a bad smell.
On 27 September 2016 at 14:51, Jacob
I understand the concern, but I think that clients already have to store
a significant amount of state: the ACME directory URL, the private key,
and the domain names, certificates, and private keys of existing
certificates. I think that one more item, the account URL, is not a
heavy burden,