Hello,
Section 7.5.1 of RFC 8555 states the client sends an empty JSON body POST
request to the challenge URL to confirm it's ready for validation. This
seems, perhaps, overly restrictive, and certainly inefficient for
authorization types that are able to produce a valid challenge response at
the
tter way, I would prefer that
approach, and have documentation based on RFC's to support the design
decision.
What are your thoughts?
On Fri, Nov 15, 2024 at 12:09 PM Michael Richardson
wrote:
>
> Jeremy Hahn wrote:
> > An attestation authorization still needs to be v
ss this concern?
>
> https://www.rfc-editor.org/errata/eid5729
>
> --
> *From:* Jeremy Hahn
> *Sent:* 16 November 2024 18:57
> *To:* Michael Richardson
> *Cc:* Jacob Hoffman-Andrews ; acme@ietf.org <
> acme@ietf.org>
> *Subject:* [Acme] Re: RFC 8555 challenge r
saying that the ACME JWS serialization is
different from the JOSE standard, so that means having to maintain an ACME
specific JWS serialization and signing library in addition to code
following JOSE standards.
On Mon, Nov 11, 2024 at 4:36 PM Jacob Hoffman-Andrews
wrote:
> On Mon, Nov 11, 2024
