I agree that there are a large number of wasted nonce values, which creates a burden for the ACME server. This PR would certainly reduce the number of unused nonces.
It seems unfortunate that with this PR, the only guaranteed way to begin the ACME process is by posting a failed registration request. Additionally, I have seen some clients which fetch the directory before each submission for a fresh nonce, yielding at least twice as many nonces as they need. (Example: https://github.com/diafygi/letsencrypt-nosudo/blob/master/sign_csr.py#L26 ) With this PR, clients may be inclined to simply perform all of their transactions twice to get the same "nonce_req" result.

On Fri, Jul 8, 2016 at 1:55 PM, Jacob Hoffman-Andrews <[email protected]> wrote:

> https://github.com/ietf-wg-acme/acme/pull/156
>
> Previously the server was required to provide a nonce on all successful
> responses, including GETs. This makes certain nonce-storage techniques like an
> in-memory list impractical, because the size of the list would have to scale
> with GET requests rather than just authenticated POSTs.
>
> This change reduces the scope of requests where nonces are required.
>
> It also tweaks the example section for Replay-Nonce to not define the base64url
> character set.
>
> _______________________________________________
> Acme mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/acme
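The storage concern in the quoted PR description, sketched as an added example that is not part of this thread or of any ACME server: a bounded in-memory nonce list loses a client's still-valid nonce once unrelated GET responses also consume slots. `NonceStore`, `post_survives`, the FIFO eviction policy and the traffic numbers are assumptions made for illustration.

```python
import secrets
from collections import OrderedDict


class NonceStore:
    """Hypothetical bounded in-memory list of issued, not-yet-used nonces."""

    def __init__(self, capacity):
        self.capacity = capacity
        self.live = OrderedDict()  # insertion order doubles as age
        self.evicted = 0

    def issue(self):
        nonce = secrets.token_urlsafe(16)
        self.live[nonce] = True
        if len(self.live) > self.capacity:
            self.live.popitem(last=False)  # forget the oldest unused nonce
            self.evicted += 1
        return nonce

    def redeem(self, nonce):
        # Single use: unknown, evicted and replayed nonces are all rejected.
        return self.live.pop(nonce, None) is not None


def post_survives(nonce_on_get, background_gets, capacity):
    """Constructed traffic: one client holds a nonce while other clients send GETs.

    Returns (first POST accepted, replay accepted, nonces evicted).
    """
    store = NonceStore(capacity)
    held = store.issue()  # nonce the client received on an earlier response
    for _ in range(background_gets):
        if nonce_on_get:  # old rule: every successful response carries a nonce
            store.issue()
    first = store.redeem(held)
    replay = store.redeem(held)  # same nonce presented a second time
    return first, replay, store.evicted


if __name__ == "__main__":
    for rule, on_get in (("nonce on every response", True),
                         ("nonce on POST responses only", False)):
        print(rule, post_survives(on_get, background_gets=1000, capacity=100))
```

With a fixed capacity, the first rule makes the legitimate POST fail after enough unrelated GETs, so the list would have to grow with GET volume to avoid that; under the second rule the held nonce is untouched by GET traffic.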
