On 06/30/2017 09:54 AM, Dunning, John wrote:
> Based on your description below, I think door A makes more sense to
> me.  My paraphrase of it is that key authorizations get bound at
> creation time, and thus get “grandfathered” in after a credential
> rotation.
This is a good paraphrase. What do other folks on this list think about
binding key authorization objects at creation time? I can't immediately
see a security issue with it, but as a reminder, an earlier version of
the protocol was subject to a vulnerability
(https://www.ietf.org/mail-archive/web/acme/current/msg00484.html)
related to changing the account key after creating an authorization
object, so I think tweaks in this area deserve extra scrutiny.
_______________________________________________
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme
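The two "doors" being weighed above differ only in which account key the server's expected key authorization is computed against once the account key has been rolled over. In ACME (RFC 8555) the key authorization is the challenge token joined by "." to the RFC 7638 thumbprint of the account key. The model below is an added example, not code from this thread or from any ACME implementation: it implements the thumbprint and key authorization computation, then runs a create-authz / rollover / validate scenario under both policies so the behavioural difference is concrete. The `AcmeServer` class, the policy names, and the EC JWK values are all constructed for illustration (the JWK coordinates are not real curve points; thumbprinting does not need them to be).

```python
"""Model of ACME key-authorization binding across an account key rollover.

Added example (not from the ACME list or any ACME implementation).
Assumed/constructed: the AcmeServer class, the two policy names, and the JWK values.
"""
import base64
import hashlib
import hmac
import json

BIND_AT_CREATION = "bind-at-creation"  # "door A": thumbprint snapshotted when the authz is created
CURRENT_KEY = "current-key"            # alternative: recompute against the account's current key


def b64url(data: bytes) -> str:
    """Base64url without padding, as used by JOSE/ACME."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over the required members, lexically sorted, no whitespace."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}
    members = {k: jwk[k] for k in required[jwk["kty"]]}  # optional members (kid, alg, ...) are ignored
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, account_jwk: dict) -> str:
    """RFC 8555 key authorization: token '.' thumbprint(account key)."""
    return f"{token}.{jwk_thumbprint(account_jwk)}"


class AcmeServer:
    """Minimal server-side state: accounts, authorizations, and the binding policy under test."""

    def __init__(self, policy: str):
        self.policy = policy
        self.accounts: dict[str, dict] = {}   # account id -> current account JWK
        self.authzs: dict[str, dict] = {}     # authz id -> {account, token, thumbprint-at-creation}
        self._counter = 0

    def _new_id(self, prefix: str) -> str:
        self._counter += 1
        return f"{prefix}-{self._counter}"

    def new_account(self, jwk: dict) -> str:
        acct_id = self._new_id("acct")
        self.accounts[acct_id] = jwk
        return acct_id

    def new_authorization(self, acct_id: str, token: str) -> str:
        authz_id = self._new_id("authz")
        self.authzs[authz_id] = {
            "account": acct_id,
            "token": token,
            # Snapshot taken at creation; only BIND_AT_CREATION uses it later.
            "thumbprint": jwk_thumbprint(self.accounts[acct_id]),
        }
        return authz_id

    def rollover(self, acct_id: str, new_jwk: dict) -> None:
        """Account key rollover: the account identity stays, the key changes."""
        self.accounts[acct_id] = new_jwk

    def expected_key_authorization(self, authz_id: str) -> str:
        rec = self.authzs[authz_id]
        if self.policy == BIND_AT_CREATION:
            thumb = rec["thumbprint"]
        else:
            thumb = jwk_thumbprint(self.accounts[rec["account"]])
        return f"{rec['token']}.{thumb}"

    def validate(self, authz_id: str, presented: str) -> bool:
        """Compare what the client provisioned against what the server expects under its policy."""
        return hmac.compare_digest(presented, self.expected_key_authorization(authz_id))


# Constructed JWKs (coordinates are placeholders, not real P-256 points).
KEY_BEFORE = {"kty": "EC", "crv": "P-256", "x": "constructed-x-1", "y": "constructed-y-1", "kid": "old"}
KEY_AFTER = {"kty": "EC", "crv": "P-256", "x": "constructed-x-2", "y": "constructed-y-2", "kid": "new"}


def run_scenario(policy: str) -> dict:
    """Create an authz under KEY_BEFORE, roll over to KEY_AFTER, then validate both provisionings."""
    server = AcmeServer(policy)
    acct = server.new_account(KEY_BEFORE)
    token = "constructed-token-0123456789"
    authz = server.new_authorization(acct, token)

    # Client provisions the challenge response while still holding the original key.
    provisioned_old = key_authorization(token, KEY_BEFORE)
    before = server.validate(authz, provisioned_old)

    server.rollover(acct, KEY_AFTER)
    provisioned_new = key_authorization(token, KEY_AFTER)
    return {
        "before_rollover": before,
        "old_provisioning_after_rollover": server.validate(authz, provisioned_old),
        "new_provisioning_after_rollover": server.validate(authz, provisioned_new),
    }


if __name__ == "__main__":
    for policy in (BIND_AT_CREATION, CURRENT_KEY):
        print(policy, run_scenario(policy))
```

Under `BIND_AT_CREATION` the response the client provisioned before rolling over keeps validating ("grandfathered"), while a response computed with the new key does not; under `CURRENT_KEY` it is the reverse, so the client must re-provision every pending challenge after a rollover. Either way the authorization stays tied to the account, not to whichever key a caller happens to present; the scrutiny the message asks for is about which of those two rows an implementation intends, and that it documents the choice rather than letting it fall out of data-structure accident.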
