On Tue, Jul 26, 2016 at 11:29 PM, Andrew Ayer <[email protected]> wrote:
> On Tue, 26 Jul 2016 23:03:18 +0200 > Richard Barnes <[email protected]> wrote: > > > Given those trade-offs, I wonder if some sort of intermediate approach > > would be better. The best thing that's come to me so far is to fork > > the application process: > > > > - Add an "identifiers" field to the application object > > - Each application MUST have exactly one of "csr" and "identifiers" > > - If "csr" is present, then do what's in the draft now > > - If "identifiers" is present, then do the same dance, but don't > > issue the certificate > > > > Does that sound sane to folks? It still seems slightly gross to me, > > because of the switching based on the presence of fields. Anyone have > > better ideas? > > This seems sane, and better than option 1. The switching is gross, but > perhaps it can be made less gross with this logic: > > - "identifiers" MUST be present. > - "csr" MAY be present. > - If "csr" is present, its identifiers MUST match "identifiers". > - A certificate will only be issued if "csr" is present. > Yes, this seems basically sound... -Ekr > Regards, > Andrew > > _______________________________________________ > Acme mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/acme >
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
