On Wed, Nov 11, 2015 at 7:06 PM Daniel Kahn Gillmor <[email protected]> wrote:
> Doesn't this depend on the nature of the data fetched at the given URL?
> I'd hope that any inclusion of some mechanism like this would be tightly
> constrained with guidance that makes the data both self-contained and
> immutable. Something like:
>
> a) all the necessary data to understand the subscriber agreement is
>    available from that specific URL, without requiring any additional
>    resource fetches, arbitrary code execution, etc. I shouldn't need
>    to pull in external stylesheets or images, to run javascript,
>    receive or send cookies, etc. in order to be able to render the
>    document to the user. You've used .pdf in your example above: there
>    are now PDFs that violate all these assumptions. Maybe we could
>    limit to text/plain; charset=UTF-8, or (if PDF is needed) to PDF/A
>    or some similar archival-quality subset of PDF?
>

I agree; I only used pdf in my example because the current Let's Encrypt SA is in PDF format: https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf - indeed a text document would be simpler and safer.

If the client leaves it up to the user to follow the link, then the format shouldn't matter in terms of the ACME spec; it is up to the document renderer (browser) to do so safely and correctly. If the client were to actually download and show the document to the user, then yes, plain text would be much better. Most terminal-based clients will probably not want to show the full legal terms in the terminal window, but would prefer a link. Simpler, less screen space required, accomplishes the same goal.

> b) That the resource fetched from that URL will never change. I don't
>    want to retrieve the URL at time T, display it to the user, and then
>    have the user continue the process at time T+2 when the document
>    changed at time T+1.
>

That's the idea. The URL to that version of the document should never change (ideally, but I suppose that is up to the CAs), but if it does, it means there is a new document, i.e. updated terms the user must agree to. So the URL would be assumed to be a key or token value representing the actual legal text; if it changes, the user should be re-prompted.
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
