On Tue, Aug 09, 2016 at 12:11:41PM -0700, Jacob Hoffman-Andrews wrote:
> 
> > For better or worse, the state of the industry right now is that not
> > everything can be fully automated all of the time.  Sometimes CAs need
> > for the tools to get a human in the loop for an updated agreement.
> I agree not everything can be automated all the time. That's why I think
> that ACME shouldn't try to provide tools for every possible case of ToS
> agreements and updates. Here's what I'm thinking:
> 
> You are provided with a ToS URL on signup, and agree to it or you're not
> able to create an account.
>
>  - If the CA uses legal auto-update language (most common case by far),
> nothing else is required.

I think in this case we should specify that the CA MUST notify the user
of this via the ACME protocol (i.e. by changing the ToS URL or similar).

It doesn't need to automatically result in a failure at the client, but
the client must be able to inform the responsible admin that this has
occurred, so that they can review the new terms.

(which probably means we need a way to signal that they are explicitly
*not* accepted - though that could just be revoking the registration
before the new terms would automatically take effect)


>  - If the CA requires human acceptance of an updated ToS, there's no way
> that ACME can automate that. The server will start returning errors with
> a link to a page the user can visit to accept a new ToS.

I'd prefer to still see this done via the client software and ACME
(i.e. such as passing an --accept-tos flag to the client using the same
process as initial signup to register acceptance with the CA).

As opposed to having to visit some page from an error link and take
some action out of band.

_______________________________________________
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme
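The client-side behaviour proposed in this message (detect a changed ToS URL published by the CA, surface it to the responsible admin, and record acceptance only when the operator explicitly opts in with something like --accept-tos) can be sketched as follows. This is an added illustration, not code from the ACME draft, any ACME client, or the message author. It assumes the CA publishes the ToS URL in the directory's `meta.termsOfService` field (the name later standardised in RFC 8555; the 2016 drafts used a different spelling), the directory documents and URLs are constructed samples, and `AccountState` stands in for whatever persistent account store a real client keeps.

```python
import json
from dataclasses import dataclass
from typing import Optional

# Constructed sample ACME directory documents (not from any real CA).
# The only difference between them is the published ToS URL.
DIRECTORY_BEFORE = json.dumps({
    "newAccount": "https://ca.example/acme/new-account",
    "meta": {"termsOfService": "https://ca.example/tos/2016-01.pdf"},
})
DIRECTORY_AFTER = json.dumps({
    "newAccount": "https://ca.example/acme/new-account",
    "meta": {"termsOfService": "https://ca.example/tos/2016-08.pdf"},
})
DIRECTORY_NO_TOS = json.dumps({
    "newAccount": "https://ca.example/acme/new-account",
})


@dataclass
class AccountState:
    """Hypothetical per-account record kept by the client between runs."""
    agreed_tos: Optional[str] = None  # ToS URL the operator accepted at signup


class TosNotAccepted(Exception):
    """Raised when an action would require acceptance the operator has not given."""


def current_tos(directory_json: str) -> Optional[str]:
    """Return the ToS URL the CA currently advertises, or None if it publishes none."""
    return json.loads(directory_json).get("meta", {}).get("termsOfService")


def check_tos(directory_json: str, state: AccountState) -> str:
    """Classify the ToS situation without taking any action.

    'no-tos'     - CA publishes no terms; nothing to agree to
    'unaccepted' - account has never recorded acceptance
    'agreed'     - advertised URL matches what the operator accepted
    'changed'    - CA now advertises a different URL (needs human review)
    """
    tos = current_tos(directory_json)
    if tos is None:
        return "no-tos"
    if state.agreed_tos is None:
        return "unaccepted"
    if tos == state.agreed_tos:
        return "agreed"
    return "changed"


def admin_notice(directory_json: str, state: AccountState) -> Optional[str]:
    """Message the client should log/send to the responsible admin, if any.

    A change never fails the run by itself; it produces a notice so the admin
    can review the new terms and decide whether to accept or deregister.
    """
    status = check_tos(directory_json, state)
    if status == "changed":
        return (
            "ACTION REQUIRED: CA terms of service changed from "
            f"{state.agreed_tos} to {current_tos(directory_json)}; "
            "review the new terms and re-run with --accept-tos to agree."
        )
    if status == "unaccepted":
        return "Terms of service not yet accepted; run with --accept-tos to register."
    return None


def accept_tos(directory_json: str, state: AccountState, accept_flag: bool) -> Optional[str]:
    """Mirror an --accept-tos flag: record acceptance only when explicitly requested.

    Returns the URL now recorded as accepted. Refuses to silently accept
    unreviewed terms when the flag is absent.
    """
    status = check_tos(directory_json, state)
    if status in ("no-tos", "agreed"):
        return state.agreed_tos
    if not accept_flag:
        raise TosNotAccepted(admin_notice(directory_json, state) or "terms not accepted")
    state.agreed_tos = current_tos(directory_json)
    return state.agreed_tos


if __name__ == "__main__":
    st = AccountState()
    accept_tos(DIRECTORY_BEFORE, st, accept_flag=True)   # initial signup
    print(check_tos(DIRECTORY_AFTER, st))                # CA rotated its ToS URL
    print(admin_notice(DIRECTORY_AFTER, st))
```

The point of keeping `check_tos` and `admin_notice` separate from `accept_tos` is that a renewal job can keep issuing while still surfacing the change; acceptance is a distinct, deliberate step, which is what the message argues for over an out-of-band link in an error response.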