Hey all,

Going through PRs today, trying to see where we can make progress. I've already merged several that seemed non-controversial [1]. There are two more where I think we have agreement, but I wanted to give people a few days to opine:

---

#181 - Add a new-nonce endpoint
https://github.com/ietf-wg-acme/acme/pull/181

This was proposed by Jacob as a resolution to the tension between nonces and cacheability (raised in #156). I also like this as a solution, so I went ahead and implemented it.

---

#164 - Unparallelize signatures on key-change
https://github.com/ietf-wg-acme/acme/pull/164

We've wandered a little bit in the discussion of this PR, but there seems to be agreement on the main points:

* Use nested rather than parallel signatures
* Use JWKs rather than thumbprints to represent the keys
* Require the "url" parameter to be the same for both inner and outer JWSs
* No requirement on the nonce parameter in the inner JWS

The main remaining conflict is about the general question of whether we should represent accounts by key, URL, or both. That's a more general question than this PR, though, so I'm going to propose we go ahead and make the changes we've agreed on, and if we change the representation of accounts later, we can update this section to match.

I've updated the PR to reflect the above agreements, and added a JWK equivalence test that I think should be agreeable to everyone.

---

I would appreciate if people could take a quick look at these and thumbs-up/down. If I don't hear objections by mid-next-week, I'll go ahead and merge.

--Richard

[1]
#163 - Make duplicate new-reg return 200
#166 - Clarify 'url' field processing
#171 - Remove combinations array
#175 - Remove certificates field from registration object
#176 - Fix typos
#178 - Fixes two typos not addressed by #176
#179 - Clarify "new-X" resources paragraph
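The points agreed for #164, sketched as structural checks a server could run on a nested key-change request before verifying any signature. This is an added example, not part of the original message and not the text of the PR. It assumes flattened JSON JWS objects, a hypothetical `newKey` payload member, and a JWK equivalence test that compares the RFC 7638 required members; the keys, URL and signature bytes are constructed placeholders.

```python
import base64
import json

# Key-defining members per type (RFC 7638 required members); an assumed test.
KEY_MEMBERS = {"EC": ("crv", "x", "y"), "RSA": ("e", "n"), "oct": ("k",)}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def decode_segment(text: str) -> dict:
    # base64url JSON segment; restore the padding JWS strips before decoding
    return json.loads(base64.urlsafe_b64decode(text + "=" * (-len(text) % 4)))

def jwk_equivalent(a, b) -> bool:
    """True if both JWKs describe the same key, ignoring kid/alg/use."""
    if not (isinstance(a, dict) and isinstance(b, dict)):
        return False
    kty = a.get("kty")
    if kty != b.get("kty") or kty not in KEY_MEMBERS:
        return False
    return all(m in a and m in b and a[m] == b[m] for m in KEY_MEMBERS[kty])

def make_jws(header: dict, payload: dict) -> dict:
    """Constructed, unsigned flattened JWS; the signature is a placeholder."""
    return {"protected": b64url(json.dumps(header).encode()),
            "payload": b64url(json.dumps(payload).encode()),
            "signature": b64url(b"constructed-placeholder")}

def check_key_change(outer: dict) -> list:
    """Return structural problems in a nested key-change JWS (empty = OK)."""
    problems = []
    outer_hdr = decode_segment(outer["protected"])
    inner = decode_segment(outer["payload"])  # nested: inner JWS is the payload
    inner_hdr = decode_segment(inner["protected"])
    body = decode_segment(inner["payload"])
    if inner_hdr.get("url") != outer_hdr.get("url"):
        problems.append("inner and outer url differ")
    # No check on inner_hdr["nonce"]: the inner JWS has no nonce requirement.
    inner_jwk = inner_hdr.get("jwk")
    if not isinstance(inner_jwk, dict):
        problems.append("inner JWS does not carry its key as a JWK")
    elif not jwk_equivalent(inner_jwk, body.get("newKey")):  # hypothetical field
        problems.append("newKey is not equivalent to the inner JWS key")
    return problems

# Constructed sample request (placeholder key values and URL).
NEW = {"kty": "EC", "crv": "P-256", "x": "bmV3", "y": "bmV3eQ"}
URL = "https://example.test/acme/key-change"
INNER = make_jws({"alg": "ES256", "jwk": NEW, "url": URL}, {"newKey": NEW})
OUTER = make_jws({"alg": "ES256", "nonce": "constructed", "url": URL}, INNER)
print(check_key_change(OUTER))
```

Signature verification of both layers still has to follow these checks; the block only covers the structural agreement between the inner and outer JWS.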