Criteria for "has not already been marked as replaced"

robstradling commented 5 months ago

Section 5 currently says (emphasis mine):

Servers SHOULD check that the identified certificate and the New Order request correspond to the same ACME Account, that they share at least one identifier, and that the identified certificate has not already been marked as replaced by a different pending or finalized Order.

"pending" is an Order object status, but "finalized" is not.

There are a couple of problems with this language AIUI:

"pending or finalized" does not include the "ready" Order object state.
"pending or finalized" does include the subset of "invalid" Order objects that transitioned from "processing" to "invalid".

Here are a couple of wordsmithing attempts for your consideration:

...by a different "pending", "ready", "processing", or "valid" Order.
...by a different Order that is not "invalid".

aarongable commented 5 months ago

Thank you! This is a very good catch. I prefer your second proposal here, "...by a different Order that is not "invalid"."

robstradling commented 5 months ago

Thanks @aarongable !

aarongable / draft-acme-ari

Criteria for "has not already been marked as replaced" #66