[Acme] Authorizations and Certificates in Registrations

Niklas Keller <me@kelunik.com> Sat, 05 December 2015 18:10 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/M87w3UsOan2kmZdW0yuoLgG7u6c>

Hello,

What's the reason why "authorizations" and "certificates" are optional in
registration objects? They should both not be optional IMO, because they
can be used nicely to lower the load on the CA, because clients can reuse
prior authorizations and even download lost certificates easily. This also
makes revocation easier, because you can simply list all valid certificates
for a given account key.

Regards, Niklas