> The notion generalizes to any out-of-band communication, whether it's
> email, SMS, RSS, or carrier pigeon. If there's some out-of-band way for
> the CA to communicate with its users, they can just provide a link to a
> page where the user can agree to the new ToS.

But right now you can use Let's Encrypt without providing any means of out-of-band communication, so it's not safe to assume that such a mechanism — e-mail or otherwise — will be available.
You mention RSS, but that requires a web interface to have some way of tying assent to a registration, which would require users to do special and unusual things with their registration private key to prove they hold it. RSS becomes viable if combined with option b, where users can configure their clients to assent to a new agreement in advance. Or are you talking about cases where no new assent is required? I'm arguing that both cases should be covered.

_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
