On 08/17/2016 10:47 AM, Eric Rescorla wrote: > I don't think the current text is very clear, so I think if we're going > to not change > that we should keep the text as-is while we discuss what it ought to say.
In other words, don't change the protocol part until we have the legal / UI part nailed down? If so, I'd like to see a proposal on the latter. I don't have an opinion either way, and I'm not a lawyer. For reference, here is the relevant section from the BRs: > The CA SHALL implement a process to ensure that each Subscriber or Terms of Use Agreement is legally enforceable against the Applicant. In either case, the Agreement MUST apply to the Certificate to be issued pursuant to the certificate request. The CA MAY use an electronic or "click-through" Agreement provided that the CA has determined that such agreements are legally enforceable. A separate Agreement MAY be used for each certificate request, or a single Agreement MAY be used to cover multiple future certificate requests and the resulting Certificates, so long as each Certificate that the CA issues to the Applicant is clearly covered by that Subscriber or Terms of Use Agreement. I'm pretty skeptical that we will come up with meaningful language in an RFC to meet any particular legal requirements, which is why I favor not trying to over-specify things here. _______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
