Aaron Gable <aa...@letsencrypt.org> wrote:
> Hi Michael,
> On Wed, Nov 27, 2024, 15:59 Michael Richardson <mcr+i...@sandelman.ca>
> wrote:
>>
> I'm unclear from reading 8555 if this key is retained across orders
>> (like a renewal 60 days later), or if a new key is generated each time.
>> Is the newAccount key always the same key as the CSR key?
>>
> The account key is almost never the same as the CSR key -- they serve
> different purposes and have different security properties, so the same key
> should not be used for both. In fact, Let's Encrypt rejects CSRs which
> contain a pubkey that is also in use as an account key.
Thank you for the clarification.
So then, is the account key retained across invocations?
--
Michael Richardson <mcr+i...@sandelman.ca> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
_______________________________________________ Acme mailing list -- acme@ietf.org To unsubscribe send an email to acme-le...@ietf.org
