Aaron Gable <aa...@letsencrypt.org> wrote:
> For example, I hope to introduce a proposal for a "pubkey" identifier
> type, so that TLS ACME clients can submit their pubkey at newOrder
> time. This would remove the last field that the ACME CA truly relies on
> the CSR for, allowing ACME Servers to ignore the CSR entirely if they
> so wished. It also has the added benefit of letting clients prove that
> they control the corresponding private key (by fulfilling an ACME
> Challenge for the pubkey identifier, e.g. by conducting a TLS handshake
> with that key), which the current CSR transmission mechanism does not
> do.

I'm all for moving beyond the CSR!
I think having something that can be used in ACME and also in other
enrolling protocols would be useful though.
RFC7030bis has been talked about.

--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-                      *I*LIKE*TRAINS*
_______________________________________________
Acme mailing list -- acme@ietf.org
To unsubscribe send an email to acme-le...@ietf.org