[Acme] RFC 8823 email-reply-00: How to concatenate the tokens?

2021-06-05 Thread Richard Körber
Hi! I have a question regarding RFC 8823 and the calculation of the ACME response. The RFC says: "[...] followed by [...] the key authorization, calculated from concatenated token-part1 (received over email) and token-part2 (received over HTTPS) [...]" The RFC also gives two example tokens

Re: [Acme] RFC 8823 email-reply-00: How to concatenate the tokens?

2021-06-05 Thread Sebastian
Since it says the "calculated key-authorization", which assumes you have to use the decoded tokens, I think you should neither concatenate the tokens as-is, nor re-encode the tokens after concatenation. Rather, you should decode both token-parts, then concatenate the result, and use the result

Re: [Acme] RFC 8823 email-reply-00: How to concatenate the tokens?

2021-06-05 Thread Richard Körber
> Rather, you should decode both token-parts, then concatenate the result, and use the result (as a byte array) to do the key-authorization calculation.

RFC 8555 Section 8.1 says: A key authorization is a string that concatenates the token for the challenge with a key fingerprint, separ