Closed (aarongable closed 2 years ago)
Yes, this will be necessary for adoption.
Specifically, we wouldn't be able to roll this out unless it can be cached. The database load for also verifying an account signature on each renewal check -- which could be even more often than OCSP checks -- would be very difficult to manage without significant architecture changes.
The renewalInfo objects are going to be queried very frequently, and their data is highly cacheable. The draft should take a stronger stance and disallow POST-as-GET entirely.
This was suggested during the ACME WG interim meeting, but I forget by which participant.