> For better or worse, the state of the industry right now is that not > everything can be fully automated all of the time. Sometimes CAs need > for the tools to get a human in the loop for an updated agreement. I agree not everything can be automated all the time. That's why I think that ACME shouldn't try to provide tools for every possible case of ToS agreements and updates. Here's what I'm thinking:
You are provided with a ToS URL on signup, and agree to it or you're not able to create an account. - If the CA uses legal auto-update language (most common case by far), nothing else is required. - If the CA requires human acceptance of an updated ToS, there's no way that ACME can automate that. The server will start returning errors with a link to a page the user can visit to accept a new ToS. > Given that that's the state, the only question here is whether this > semantic should be expressed in the protocol. A CA can always just > refuse to take any action until a subscriber agrees to the new terms. Yep, exactly.
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
