On 08/21/2016 06:54 PM, Andy Ligg wrote:
> Sorry, the document still not update in “Registration Objects”, still
> same as Contact.
The pull request is definitely updated. Can you re-check
https://github.com/ietf-wg-acme/acme/pull/172/files?
More to the point, does the proposed change fit your ne
t;
>
> Best Regards,
>
>
>
> Andy
>
>
>
> *From:* Daniel McCarney [mailto:c...@letsencrypt.org]
> *Sent:* Friday, August 19, 2016 11:30 PM
> *To:* Andy Ligg
> *Cc:* Jacob Hoffman-Andrews ; acme@ietf.org
> *Subject:* Re: [Acme] Add an external secret field to regist
McCarney [mailto:c...@letsencrypt.org]
Sent: Friday, August 19, 2016 11:30 PM
To: Andy Ligg
Cc: Jacob Hoffman-Andrews ; acme@ietf.org
Subject: Re: [Acme] Add an external secret field to registration
> We checked the draft that the external_secret (optional, string) description
> is same as C
> We checked the draft that the external_secret (optional, string)
description is same as Contact.
This was fixed: https://github.com/ietf-wg-acme/acme/pull/172#
discussion_r75344194
On Fri, Aug 19, 2016 at 7:26 AM, Andy Ligg wrote:
> We checked the draft that the external_secret (optional, s
> We checked the draft that the external_secret (optional, string)
description is same as Contact.
This was fixed:
https://github.com/ietf-wg-acme/acme/pull/172#discussion_r75344194
On Fri, Aug 19, 2016 at 7:26 AM, Andy Ligg wrote:
> We checked the draft that the external_secret (optional, st
No, not this case.
User must post the token with the right email and certificate to server.
What I mean is StartCom system will send the token to customer's email account,
but if this email account info is stolen by hacker, then it can be used to
access this token's subscriber's account. My sugge
Could you clarify the security goal of the external secret?
Is it meant to be the *only* authentication client an ACME client
needs to present in order to take over some user’s existing StartCom acount?
In that case, this is subject to the same security considerations as account
recovery,
and pot
We checked the draft that the external_secret (optional, string) description
is same as Contact.
Another issue we think is how to guarantee this token's security, we plan to
limit this token that it will expire at the short time. Please advise, thanks.
Regards,
Andy
> On 18 Aug 2016, at 08:5
Here's one version of what it might look like to add the token Andy
proposed:
https://github.com/ietf-wg-acme/acme/pull/172
Let me know what you think!
___
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme