Hi hi,
Similar to #9 I have a question about the permanent-identifier value. Presently the draft defers to RFC 4043 for the form the permanent-identifier should take inside of a CSR's subjectAltName extension.
However, in RFC 8555 when applying for cert issuance the new order request identifier values are strings. It's not immediately obvious to me how one would encode a PermanentIdentifier from RFC 4043 in that context. Would it be just the identifierValue UTF8String OPTIONAL field?
Similarly, when it comes time for the ACME server to match up the CSR contents with the order identifiers, is there more specific advice to offer? In particular both fields of the PermanentIdentifier are spec'd as OPTIONAL and 4043 has a lot of text describing how to interpret the omission/inclusion of each. How will that map to the identifier types when matching CSR/order contents?
I'm not very familiar with the problem space this draft is tackling so I might be confusing myself here :-) I came up with these questions while trying to review parts of an implementation proposed for the instant-acme client.