On Tue, 28 Nov 2017 13:28:08 -0500 Daniel McCarney <[email protected]> wrote:
> > > > The canonical example for me here is SSLMate [1], which takes a CSR > > up front, I'm told because the back-ends it uses require it. > > Andrew Ayer, who maintains SSLMate, is on this list, and might be > > able to provide further insight. > > > SSLMate/Andrew are the reseller I recall confirming could accommodate > #342 without needing a CSR in new-order. I hope Andrew can clarify if > #I'm > remembering incorrectly. You are remembering correctly. To recap what I said off-list, removing the CSR from new-order wouldn't work if a CA wanted to extend ACME to add non-standard challenges that were derived from the CSR. If a CA is only going to use the standard challenges, then I don't see a problem. SSLMate isn't going to use non-standard challenges, so I'm fine moving the CSR to finalize and removing it from new-order. Regards, Andrew _______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
