On 11/30/2017 02:53 PM, Tim Hollebeek wrote: > My recollection from various CA/Browser discussions is that CAs are *not* > actually required to keep around CSRs. Am I wrong? I may be misremembering. I thought they were required to log proof of the subscriber's possession of the private key, but you're right that 3.2.1 is empty. So, even more reason to not make this required!
_______________________________________________ Acme mailing list Acme@ietf.org https://www.ietf.org/mailman/listinfo/acme