ietf-wg-acme/acme

Order of identifiers and authorizations in new-order is not specified

csware opened this issue · 2 comments

On the new-order request, there are two arrays returned, one for the identifiers and one for the authorizations. However, there is no order specified in ACMEv2. As two arrays are returned (and no hash), this might imply that the order of identifiers matches the order of authorizations.

This is not specified right now. Having this specified would allow clients to know in advance for which identity they are requesting the authorization challenge before requesting the URL, e.g. for better error reporting.

Also ok would be to just explicitly specify that the order is not guaranteed or the number of entries is not guaranteed to match in order to make it more clear to developers.

cf. https://community.letsencrypt.org/t/dns-based-validation-fails-on-renew/59027?u=mrtux

jsha commented

From the outcome of the linked conversation, we should just specify that no specific order is guaranteed.

cpu commented

> we should just specify that no specific order is guaranteed.

👍 - #421

I will start a mailing list thread since this is a new SHOULD NOT.
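
A client-side way to avoid depending on array position, as an added example that is not part of the original thread: read the `identifier` field of each fetched authorization object instead of pairing the two arrays by index. The order data, URLs and the `fetch` stand-in are constructed for illustration; the wildcard handling assumes the authorization object as defined in RFC 8555.

```python
# Constructed sample: an order object and the authorization objects its URLs
# resolve to. Hostnames and URLs are made up for illustration.
ORDER = {
    "identifiers": [
        {"type": "dns", "value": "www.example.org"},
        {"type": "dns", "value": "example.org"},
        {"type": "dns", "value": "*.example.org"},
    ],
    "authorizations": [
        "https://acme.example/authz/3",
        "https://acme.example/authz/1",
        "https://acme.example/authz/2",
    ],
}
AUTHZ = {
    "https://acme.example/authz/1": {"identifier": {"type": "dns", "value": "www.example.org"}},
    "https://acme.example/authz/2": {"identifier": {"type": "dns", "value": "example.org"}},
    # RFC 8555: a wildcard authorization carries the base name plus "wildcard": true.
    "https://acme.example/authz/3": {"identifier": {"type": "dns", "value": "example.org"}, "wildcard": True},
}


def positional_guess(order):
    """The assumption the issue warns about: index i pairs with index i."""
    names = [i["value"] for i in order["identifiers"]]
    return dict(zip(order["authorizations"], names))


def map_authorizations(order, fetch):
    """Return {authz_url: requested_name} from each authorization's own identifier."""
    requested = {(i["type"], i["value"]) for i in order["identifiers"]}
    mapping = {}
    for url in order["authorizations"]:
        authz = fetch(url)  # hypothetical stand-in for requesting the URL from the server
        ident = authz["identifier"]
        name = ("*." if authz.get("wildcard") else "") + ident["value"]
        if (ident["type"], name) not in requested:
            raise ValueError(f"{url} covers {name!r}, which was not in the order")
        mapping[url] = name
    return mapping


if __name__ == "__main__":
    for url, name in map_authorizations(ORDER, AUTHZ.__getitem__).items():
        print(f"{url} -> {name} (positional guess: {positional_guess(ORDER)[url]})")
```

The mapping makes no assumption that the two arrays have the same length, so it also works when the number of entries differs.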