The spec currently defines an entirely new JWK key equivalence method which is then only used once. Instead of adding this new method (which seems to just be the JWK thumbprint computation minus the use of a digest) I propose we just re-work the key roll-over method to work without having to compare the 'newKey' and the key used to sign the inner JWS.
The simplest method here seems to be to just check that the 'newKey' also verifies the inner JWS. Proposed change here: https://github.com/ietf-wg-acme/acme/pull/263
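
The check proposed above, as an added Node.js example that is not part of the original message or of the ACME spec: the server accepts the roll-over only if the payload's 'newKey' verifies the inner JWS, so no JWK comparison is needed and member order in the JWK is irrelevant. The flattened JWS layout, the restriction to ES256, and the function names are assumptions made for the illustration.

```javascript
// Added illustration. The JWS layout (flattened, payload carrying "newKey") is an assumption.
const crypto = require('crypto');

const b64u = (data) => Buffer.from(data).toString('base64url');
const ES256 = { dsaEncoding: 'ieee-p1363' }; // JWS uses raw r||s signatures

// Build an inner JWS signed with signerKey whose payload names claimedJwk as newKey.
function makeInnerJws(signerKey, claimedJwk) {
  const prot = b64u(JSON.stringify({ alg: 'ES256' }));
  const payload = b64u(JSON.stringify({ newKey: claimedJwk }));
  const sig = crypto.sign('sha256', Buffer.from(`${prot}.${payload}`), { key: signerKey, ...ES256 });
  return { protected: prot, payload, signature: b64u(sig) };
}

// The proposed check: the payload's newKey must itself verify the inner JWS.
function newKeyVerifiesInnerJws(jws) {
  try {
    const header = JSON.parse(Buffer.from(jws.protected, 'base64url').toString('utf8'));
    const { newKey } = JSON.parse(Buffer.from(jws.payload, 'base64url').toString('utf8'));
    if (header.alg !== 'ES256' || !newKey || newKey.kty !== 'EC' || newKey.crv !== 'P-256') return false;
    const key = crypto.createPublicKey({ key: newKey, format: 'jwk' });
    return crypto.verify('sha256', Buffer.from(`${jws.protected}.${jws.payload}`),
      { key, ...ES256 }, Buffer.from(jws.signature, 'base64url'));
  } catch (err) {
    return false; // malformed JSON, unusable JWK, or bad signature encoding
  }
}

// Constructed sample keys and messages.
function runCases() {
  const a = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const b = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const jwkA = a.publicKey.export({ format: 'jwk' });
  const reordered = { y: jwkA.y, crv: jwkA.crv, x: jwkA.x, kty: jwkA.kty };
  const tampered = makeInnerJws(a.privateKey, jwkA);
  tampered.payload = b64u(JSON.stringify({ newKey: jwkA, extra: true }));
  return {
    genuine: newKeyVerifiesInnerJws(makeInnerJws(a.privateKey, jwkA)),
    reorderedMembers: newKeyVerifiesInnerJws(makeInnerJws(a.privateKey, reordered)),
    otherKeyClaimed: newKeyVerifiesInnerJws(makeInnerJws(a.privateKey, b.publicKey.export({ format: 'jwk' }))),
    payloadAltered: newKeyVerifiesInnerJws(tampered),
  };
}

console.log(runCases());
```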
