Section 3. ACME does not use Base64 encoding, it uses Base64url. This is the correct choice but the document specifies this indirectly.
--- Definitions

Account Key Pair: A public key pair to authenticate certificate management requests. An ACME server considers the holder of the private key authorized to manage certificates for a given identifier. A single key pair MAY be authorized for multiple identifiers.

--- Base64

"ACME messaging is based on HTTPS [RFC2818] and JSON [RFC7159]. Since JSON is a text-based format, binary fields are Base64-encoded. For Base64 encoding, we use the variant defined in [RFC7515]."

RFC7515 has:

Base64url Encoding: Base64 encoding using the URL- and filename-safe character set defined in Section 5 of RFC 4648 [RFC4648], with all trailing '=' characters omitted (as permitted by Section 3.2) and without the inclusion of any line breaks, whitespace, or other additional characters. Note that the base64url encoding of the empty octet sequence is the empty string. (See Appendix C for notes on implementing base64url encoding without padding.)

I suggest changing the text to

"ACME messaging is based on HTTPS [RFC2818] and JSON [RFC7159]. Binary fields are encoded using Base64url encoding described in [RFC4648] Section 5, according to the profile specified in JSON Web Signature [RFC7515] Section 2. This encoding uses a URL safe character set. Trailing '=' characters MUST be stripped."

[If it isn't a MUST strip then readers MUST accept padding so no point talking about it.]

Section 3 is headed Terminology but actually contains normative descriptive text. I suggest using 'Terminology and References' to make this clear.

I would also suggest that people are more used to finding this as section 2.

It is a better way to organize though. I am changing some of my docs to follow suit. Basically, put all the material that relates to external dependencies in one place. Suggest more use of subsections though, gather all the JWS stuff into one place, all the JSON, etc.
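The encoding profile discussed above, as an added example that is not part of the original message or of the ACME draft: an encoder that strips trailing '=' and a decoder that accepts only the unpadded RFC 4648 Section 5 alphabet. The function names are illustrative, and the final canonical-form check is an extra strictness assumed here, not something the message proposes.

```python
import base64
import re

# RFC 4648 Section 5 alphabet only: no '=', no '+' or '/', no whitespace.
_B64URL_ALPHABET = re.compile(r"[A-Za-z0-9_-]*")


def b64url_encode(data: bytes) -> str:
    """Base64url per RFC 7515 Section 2: URL-safe alphabet, trailing '=' stripped."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode_strict(text: str) -> bytes:
    """Decode unpadded base64url and reject input outside the profile.

    Python's own decoder is lenient (it tolerates padding and ignores stray
    trailing bits), so the profile has to be enforced explicitly.
    """
    if not _B64URL_ALPHABET.fullmatch(text):
        raise ValueError("padding, standard-alphabet or whitespace character present")
    if len(text) % 4 == 1:
        raise ValueError("length cannot be produced by base64url encoding")
    # Restore the padding the sender was required to strip, then decode.
    decoded = base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
    # Assumption (stricter than the message asks for): accept only the single
    # canonical spelling, so two different strings never decode to one value.
    if b64url_encode(decoded) != text:
        raise ValueError("non-canonical trailing bits")
    return decoded


if __name__ == "__main__":
    # Octet sequence used in RFC 7515 Appendix C.
    sample = bytes([3, 236, 255, 224, 193])
    print(base64.b64encode(sample).decode())  # plain Base64 for comparison
    print(b64url_encode(sample))               # Base64url, no padding
    for candidate in ("A-z_4ME", "A-z_4ME=", "A+z/4ME", "QR"):
        try:
            print(candidate, "->", b64url_decode_strict(candidate))
        except ValueError as exc:
            print(candidate, "-> rejected:", exc)
```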
