I'd like to propose a change that allows clients of the ACME protocol to
obtain the URL to the CA's current Terms of Service (if any) without
re-registering or trying to obtain a certificate and getting a failure
response.
This proposal has two parts: adding an entry to the directory, and adding
the current ToS URL to response headers.
Section 6.2 explains the directory, and adding an entry to the directory
seems logical:
    {
      "new-reg": "https://example.com/acme/new-reg",
      "recover-reg": "https://example.com/acme/recover-reg",
      "new-authz": "https://example.com/acme/new-authz",
      "new-cert": "https://example.com/acme/new-cert",
      "revoke-cert": "https://example.com/acme/revoke-cert",
      "agreement-url": "https://example.com/acme/subscriber-agreement-v01.pdf"
    }
Additionally, including the current ToS in response headers of a failed
request will allow clients to show the current terms and re-prompt the user
immediately, if available. Something like this:
    Agreement-URL: https://example.com/acme/subscriber-agreement-v01.pdf
Both of these could be optional (as the CA sees fit), but they make it
possible for clients to offer a better user experience.
Thanks,
Matt Holt
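The following is an added illustration of how a client might consume the two proposed sources of the agreement URL; it is not code from the post, from any ACME implementation, or from the draft. It assumes the directory entry is named "agreement-url" and the header "Agreement-URL" exactly as proposed above, and it adds one check the proposal does not state: an agreement URL is only used if it is https, so that a user is never sent to a plaintext document to accept terms. The sample directory and headers are constructed for the example.

```python
import json
from urllib.parse import urlparse

# Constructed sample directory modelled on the one in the post, with the
# proposed "agreement-url" entry. Not a response from any real CA.
SAMPLE_DIRECTORY = json.dumps({
    "new-reg": "https://example.com/acme/new-reg",
    "recover-reg": "https://example.com/acme/recover-reg",
    "new-authz": "https://example.com/acme/new-authz",
    "new-cert": "https://example.com/acme/new-cert",
    "revoke-cert": "https://example.com/acme/revoke-cert",
    "agreement-url": "https://example.com/acme/subscriber-agreement-v01.pdf",
})

# Constructed headers of a failed request carrying the proposed header.
# The CA has moved to newer terms than the ones the directory still lists.
SAMPLE_FAILURE_HEADERS = {
    "Content-Type": "application/problem+json",
    "Agreement-URL": "https://example.com/acme/subscriber-agreement-v02.pdf",
}


def _valid_https(url):
    """Return the URL only if it is an absolute https URL, else None.
    (Check added here; the proposal itself does not require it.)"""
    if not url:
        return None
    parsed = urlparse(url)
    if parsed.scheme != "https" or not parsed.netloc:
        return None
    return url


def agreement_url_from_directory(directory_json):
    """Return the directory's agreement-url entry, or None when the CA
    omits it (the post leaves the entry optional)."""
    directory = json.loads(directory_json)
    return _valid_https(directory.get("agreement-url"))


def agreement_url_from_headers(headers):
    """Return the Agreement-URL header value, matched case-insensitively as
    HTTP header names are, or None when the header is absent."""
    for name, value in headers.items():
        if name.lower() == "agreement-url":
            return _valid_https(value.strip())
    return None


def current_agreement_url(directory_json, failure_headers=None):
    """Prefer the header from a just-failed request, since it reflects the
    terms the CA enforces right now; otherwise fall back to the directory."""
    if failure_headers:
        from_header = agreement_url_from_headers(failure_headers)
        if from_header:
            return from_header
    return agreement_url_from_directory(directory_json)


def needs_reprompt(agreed_url, directory_json, failure_headers=None):
    """True when the URL the user previously accepted differs from the CA's
    current one, i.e. the client should show the new terms before retrying."""
    current = current_agreement_url(directory_json, failure_headers)
    return current is not None and current != agreed_url


if __name__ == "__main__":
    accepted = "https://example.com/acme/subscriber-agreement-v01.pdf"
    print("directory says:", agreement_url_from_directory(SAMPLE_DIRECTORY))
    print("failure header says:", agreement_url_from_headers(SAMPLE_FAILURE_HEADERS))
    print("re-prompt user:", needs_reprompt(accepted, SAMPLE_DIRECTORY, SAMPLE_FAILURE_HEADERS))
```

With the directory alone a client can show the terms before it ever sends new-reg; after a failed request the header, when present, overrides the directory so the user is re-prompted with the terms the CA actually requires rather than a stale copy.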
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme