On Sun, Sep 25, 2016 at 02:03:21AM +0100, Hugo Landau wrote:
> I think the TOS URI mechanism should be preserved, and the specification
> should be changed to state that if no new act of assent is required,
> the URI stored in a registration should be updated to match it
> automatically.
I'm inclined to think that the registration object should always reflect
what was explicitly accepted, and not be updated without a new explicit
assent being sent.
I don't see a problem with having the directory show that the current
ToS is "version 3", and the registration object show that explicit
assent was obtained for "version 1", and leaving it up to the legal
acrobatics in the text of version 1 to say that explicit assent isn't
required for the "or later version" terms to apply automatically at
some point in time.
The registration object should be a record of what was most recently
explicitly accepted if it's to play the part of the legally binding
bit of a contract agreement. Changing it would be like someone else
pasting my signature onto a different document (as opposed to saying
that the document I originally signed allows parts of it to be updated
without explicit assent in the future if required).
>
> > I think this may be where we are not understanding each other. This is
> > not the main problem I am trying to fix. I'm trying to fix:
> >
> > 1. Registration is a two-step process, when it only needs to be one.
> > 2. Accounts can be created without agreeing to terms, which creates an
> > unnecessary indeterminate state.
>
> Agreed; fixing this seems desirable.
Yes, but this was an issue with Boulder's implementation, not the
protocol per-se. I personally found it surprising that it allowed
this, but the protocol didn't force it to[1] - it could have refused
any new-reg request without an acceptance instead of just disallowing
later operations until one was received.
There were at least some clients that were submitting the acceptance
with the initial new-reg request.
[1] or if it did in some clause I'm forgetting, that wasn't fundamental
to the mechanism employed and could be fixed without changing the
existing mechanism in any way.
Ron
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
