On Wed, Mar 11, 2026 at 06:18:23PM +0900, Seo Suchan wrote:
> I suggested JWS because ACME is already based on JWT
> messages signed by the account key, so it doesn't
> bring anything new to the table. If Eve is able to
> forge an ACME message we are toasted anyway.

This is the certificate key, not the account key. The only place where ACME currently uses JWS for the certificate key is revoke-by-private-key.

... Which has an issue that if the certificate key is something that is not supported by JWS, then it cannot be revoked by private key.

And using JWS here would similarly have an issue that it does not support signature keys that are not supported by JWS (but are supported by some other protocol the keys are for).

-Ilari
