Given that account recovery is based on key (with or without #294<https://github.com/ietf-wg-acme/acme/issues/294>), it seems like allowing multiple accounts to coexist with the same key would be problematic.
It also seems like attempting to create a second account with the same key would almost always indicate user- or client-error. Responding with an error seems best, but no existing error type seems appropriate.

________________________________
From: Acme <[email protected]> on behalf of Logan Widick <[email protected]>
Sent: Thursday, April 20, 2017 9:35 AM
To: ACME WG
Subject: [Acme] Multiple Accounts with Same Key

All,

How should a server respond if a client is trying to perform an action that would result in multiple active accounts having the same account key? For example:

* Sending a key-change request with a newKey that is already in use by another account
* (If https://github.com/ietf-wg-acme/acme/issues/294 is merged into master) Sending a new-account request (that doesn't have the new "recovery" field or has the new field set to false) with a key that is already used by another account

Should the server respond with an error code? Allow multiple accounts with the same key to coexist? Do something else?

Sincerely,
Logan Widick
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
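
The uniqueness check discussed in this thread, as an added example that is not part of either message and not code from the ACME draft: a server-side store that rejects both a new-account request and a key-change whose key is already bound to another account. Keys are compared by RFC 7638 JWK thumbprint so that re-serialized copies of one key are treated as the same key; AccountStore, DuplicateKeyError and the sample keys are hypothetical names and constructed values.

```python
import base64
import hashlib
import json

# Required JWK members per key type for an RFC 7638 thumbprint.
_REQUIRED = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}

# Constructed sample JWKs (placeholder coordinates, not real key material).
KEY_A = {"kty": "EC", "crv": "P-256", "x": "constructed-x-A", "y": "constructed-y-A"}
KEY_A_REORDERED = {"y": "constructed-y-A", "kid": "1", "x": "constructed-x-A", "crv": "P-256", "kty": "EC"}
KEY_B = {"kty": "EC", "crv": "P-256", "x": "constructed-x-B", "y": "constructed-y-B"}

class DuplicateKeyError(Exception):
    """Hypothetical placeholder; the thread notes no existing error type fits."""

def jwk_thumbprint(jwk):
    """RFC 7638 SHA-256 thumbprint: required members only, sorted, no whitespace."""
    members = _REQUIRED[jwk["kty"]]
    canonical = json.dumps({m: jwk[m] for m in members},
                           sort_keys=True, separators=(",", ":"))
    digest = hashlib.sha256(canonical.encode("utf-8")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

class AccountStore:
    """Hypothetical in-memory store enforcing one active account per key."""
    def __init__(self):
        self._by_key = {}   # thumbprint -> account id
        self._next_id = 1

    def new_account(self, jwk):
        tp = jwk_thumbprint(jwk)
        if tp in self._by_key:
            raise DuplicateKeyError("key already bound to account %d" % self._by_key[tp])
        acct_id = self._next_id
        self._next_id += 1
        self._by_key[tp] = acct_id
        return acct_id

    def key_change(self, old_jwk, new_jwk):
        old_tp, new_tp = jwk_thumbprint(old_jwk), jwk_thumbprint(new_jwk)
        acct_id = self._by_key[old_tp]   # KeyError if the old key is unknown
        if new_tp in self._by_key:
            raise DuplicateKeyError("newKey already bound to account %d" % self._by_key[new_tp])
        del self._by_key[old_tp]         # release the old key only after the check passes
        self._by_key[new_tp] = acct_id
        return acct_id
```

Comparing raw JWK JSON instead of thumbprints would let KEY_A_REORDERED through as a second account for the same key.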
