> The most likely out-of-band channel is email, right? So the CA would
> send out email informing their customers that there's a new ToS, and the
> customer needs to explicitly agree to it in the next N days, or they
> will be unable to use the service.
>
> There are a couple of options the CA could ask their customer to do for
> the next step:
>
> a) Click a link in the email, read the new ToS, and click "Agree" at
> the bottom.
> b) Click a link in the email, read the new ToS, and copy and paste the
> new ToS URL into the customer's ACME client config.
>
> I think (a) is both more user-friendly and more likely to be what a CA
> would actually implement.

I agree that (a) would make sense for many users. However, providing an e-mail address is not mandatory, and (b) is more automatable anyway. So I'd expect most users to use (a) and users with large deployments or no e-mail address registered to at least be able to use (b) if they wanted.
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
