On 02/13/2017 12:20 PM, Russ Housley wrote: > I do not think it is a risk with the authorizations that have been > defined. I was wondering about a situation where a client make a > mistake. If a client tries to fulfill one of the authorizations and > for some reason is unable to do so completely, and then moves to > another authorization, can the half-done first authorization cause a > problem. Duplicate tokens across authorizations (not within authorizations) might cause some minor issues. For instance, the token is used to identify a resource being requested, so in the http-01 challenge a client might find itself trying to write the same content to the same filename as second time.
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
