On 10/02/2015 02:00 PM, Richard Barnes wrote:
> Authorized key object is TOKEN.FINGERPRINT, where:
> * TOKEN is the token in the challenge
> * FINGERPRINT is the JWK thumbprint of the account key (per the
>   relevant JOSE spec)

This sounds reasonable. I don't see a reason to have the client echo the token.
In the vein of reasoning about the protocol, it probably makes sense to specify the length of the token in more detail, and just say "64 random octets, base64-encoded."

_______________________________________________
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme
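The TOKEN.FINGERPRINT construction discussed in this message, as an added example that is not part of the original e-mail or of any ACME implementation. It assumes the thumbprint is the SHA-256 JWK thumbprint of RFC 7638 and that "base64-encoded" means unpadded base64url; the function names are hypothetical and the account key values are constructed.

```python
import base64, hashlib, hmac, json, secrets

# Members that enter the thumbprint for each key type (RFC 7638).
REQUIRED = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}

def b64url(data: bytes) -> str:
    """Unpadded base64url, the JOSE encoding (assumed here for tokens too)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def new_token(n_octets: int = 64) -> str:
    """Server side: 64 random octets from the CSPRNG, encoded for the challenge."""
    return b64url(secrets.token_bytes(n_octets))

def jwk_thumbprint(jwk: dict) -> str:
    """Hash only the required members, sorted, with no whitespace.

    Optional members (kid, use, alg, ...) and member order must not change
    the result, otherwise the same account key would yield different
    fingerprints on client and server.
    """
    canonical = json.dumps({m: jwk[m] for m in REQUIRED[jwk["kty"]]},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def key_authorization(token: str, account_jwk: dict) -> str:
    """Client side: bind the challenge token to the account key."""
    return token + "." + jwk_thumbprint(account_jwk)

def verify_key_authorization(presented: str, token: str, account_jwk: dict) -> bool:
    """Server side: recompute from its own copy of token and key, then
    compare in constant time. Nothing the client echoes is trusted."""
    expected = key_authorization(token, account_jwk)
    return hmac.compare_digest(presented.encode(), expected.encode())

# Constructed sample key: x and y are filler bytes, not a real curve point.
ACCOUNT_JWK = {"kty": "EC", "crv": "P-256",
               "x": b64url(bytes(range(32))), "y": b64url(bytes(range(32, 64)))}

if __name__ == "__main__":
    token = new_token()
    authz = key_authorization(token, ACCOUNT_JWK)
    print(authz, verify_key_authorization(authz, token, ACCOUNT_JWK))
```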