On 08/09/2016 01:23 PM, Andrew Ayer wrote: > I think the application flow should stay. Many CAs, including the ones > that SSLMate abstracts over, tie authorizations to specific CSRs, so > SSLMate can't implement an ACME frontend without the application flow.
Thanks, this is very helpful feedback. > I don't think there's a risk of interoperability problems if the > protocol supports both applications and new-authz. All clients will > need to support both applications and authorizations in any case. The > only difference in workflow is whether the authorization is retrieved by > POSTing to the new-authz endpoint, or by GETing a URL specified in the > application object. Given the above, how would SSLMate support POSTing to a new-authz endpoint? _______________________________________________ Acme mailing list Acme@ietf.org https://www.ietf.org/mailman/listinfo/acme
