In a similar vein, another small but real world example where this being
standardized would be useful is Certbot has the flag —allow-subset-of-names
that causes it to not treat it as a failure if you cannot complete all
authorizations and instead obtain a certificate only for the identifiers you
As a client developer, I slightly prefer submitting the CSR twice. In
addition to making the request logic a bit simpler, it causes the client
to provide more information about the cert it would like to obtain
earlier in the process. This was mentioned in another thread on this
topic, but to provid
After talking about this with the rest of the Certbot team, we agree
with Roland as well. While certainly either approach is doable, dropping
the version number adds additional complexity for the many dozens of
existing implementations for no real technical benefit.
On 03/13/2017 11:26 PM, Alan Do
I think there's a possibility we could implement a lot of the desired
functionality without preconditions or changing the reg-authz-cert flow.
The main benefits initially mentioned for preconditions were payments,
wildcards, and CA issuance flows.
To implement payments, it seems like we could use