On 09/26/2016 10:13 PM, Hugo Landau wrote: >> a) Click a link in the email, read the new ToS, and click "Agree" at >> the bottom. >> b) Click a link in the email, read the new ToS, and copy and paste the >> new ToS URL into the customer's ACME client config. >> >> I think (a) is both more user-friendly and more likely to be what a CA >> would actually implement. > I agree that (a) would make sense for many users. However, providing an > e. mail address is not mandatory, and (b) is more automatable anyway. So > I'd expect most users to use (a) and users with large deployments or no > e. mail address registered to at least be able to use (b) if they > wanted. The notion generalizes to any out-of-band communication, whether it's email, SMS, RSS, or carrier pigeon. If there's some out-of-band way for the CA to communicate with its users, they can just provide a link to a page where the user can agree to the new ToS.
On 09/26/2016 10:36 PM, Ron wrote: > And then there's the little question of emailing a few billion users > vs' setting a notification bit in a response when they next connect to > the service ... assuming we want this to be ubiquitous and scalable. I expect that the total Subscribers using ACME will number in the low millions, not billions. And the capacity to email all of one's customers is not generally a problem for even the largest services. _______________________________________________ Acme mailing list Acme@ietf.org https://www.ietf.org/mailman/listinfo/acme
