I should’ve create an api documentation before write this pseudoAPI server implemt.
and automatic builder for some reason can’t find sha3 package
3 Likes
@schoen do you happen to know what the purpose of applicantSigningNonce is - like what is the CA meant to do with it? All I can see is that it seems to have originally appeared in the previous onion rules in the EVGs. The mailing archives are so hard to navigate, and I thought perhaps since you started the onion v3 thread up, you might be able to shed some light on the whole thing.
1 Like
That’s interesting—I do feel like we substantially just copied that over from the EV version.
I believe the applicantSigningNonce is normally used when the CA has an out-of-band relationship with the applicant, which is really much more likely to be the case in EV issuance than DV issuance.
3 Likes
How should we handle that in LE context? send it with challenge CSR? Just ignore it? but it’s a MUST I can’t find right place to put it.
1 Like
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.