On Mon, Sep 26, 2016 at 03:21:15PM +0930, Ron wrote: > On Mon, Sep 26, 2016 at 05:53:26AM +0100, Hugo Landau wrote: > > > I don't see a problem with having the directory show that the current > > > ToS is "version 3", and the registration object show that explicit > > > assent was obtained for "version 1", and leaving it up to the legal > > > acrobatics in the text of version 1 to say that explicit assent isn't > > > required for the "or later version" terms to apply automatically at > > > some point in time. > > > > In this case a client should have some way to determine if explicit > > re-agreement is required. An "agreement-valid": bool field would > > suffice for this. > > Or just a suitable error code returned for the operation that actually > failed? Since that won't likely be a query of the registration object, > it's more likely to be noticed when a cert renewal is requested if the > server won't honor that without re-agreement. I think both should be done. But, separately, it should be possible to determine the usability of a registration object, ToS-wise, though, without making requests just to see if they return errors.
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
