On 07/12/2016 01:50 PM, Daniel McCarney wrote:
> What does "equivalence" mean in the context of JSON Web Keys?

This is good feedback, I didn't define it clearly in the code as-is. The goal is this: Since accounts are uniquely identified by their key, keys must be unique. Let's Encrypt / Boulder treats this as uniqueness across the "key material" pieces, ignoring fields like "use" and "kid." More specifically we marshal the key as an x509 SubjectPublicKeyInfo and hash it.

We should probably add to the ACME spec a notion of preventing duplicate keys at registration time, formally define what it means to be a duplicate, and apply the same concept here.
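
The equivalence check described in the message above, as an added example that is not part of the original message and is not Boulder's code: two JWKs count as the same key when the hash of their DER SubjectPublicKeyInfo matches, whatever their "use" or "kid". It is narrowed to RSA keys and the Go standard library; the choice of SHA-256, the names `KeyDigest` and `b64int`, and the toy JWK values are assumptions made for illustration.

```go
package main

import (
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
)

// b64int decodes an unpadded base64url big-endian integer (JWK "n" / "e").
func b64int(s string) (*big.Int, error) {
	b, err := base64.RawURLEncoding.DecodeString(s)
	if err != nil || len(b) == 0 {
		return nil, errors.New("bad base64url integer")
	}
	return new(big.Int).SetBytes(b), nil
}

// KeyDigest returns hex(SHA-256(DER SubjectPublicKeyInfo)) of an RSA JWK.
// Only "kty", "n" and "e" are read; "use", "kid" and other members are ignored.
func KeyDigest(raw string) (string, error) {
	var k struct{ Kty, N, E string } // encoding/json matches member names case-insensitively
	if err := json.Unmarshal([]byte(raw), &k); err != nil {
		return "", err
	}
	n, errN := b64int(k.N)
	e, errE := b64int(k.E)
	if errN != nil || errE != nil || k.Kty != "RSA" || e.BitLen() > 31 {
		return "", errors.New("invalid or unsupported JWK")
	}
	// Marshalling to SPKI normalises the key, e.g. leading zero bytes in "n" vanish.
	der, err := x509.MarshalPKIXPublicKey(&rsa.PublicKey{N: n, E: int(e.Int64())})
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(der)
	return hex.EncodeToString(sum[:]), nil
}

func main() {
	// Constructed toy JWKs (not real-size keys): same n and e, different "kid" / "use".
	a, _ := KeyDigest(`{"kty":"RSA","kid":"a","use":"sig","n":"q83vASNFZ4mrze8B","e":"AQAB"}`)
	b, _ := KeyDigest(`{"kty":"RSA","kid":"b","n":"q83vASNFZ4mrze8B","e":"AQAB"}`)
	fmt.Println("duplicate:", a == b)
}
```

A registration-time uniqueness check would store this digest and reject a new account whose key produces a digest already on file.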
