On Mon, Nov 28, 2016 at 7:52 PM, Jacob Hoffman-Andrews <[email protected]> wrote:
> On 11/18/2016 05:11 PM, Richard Barnes wrote: > > #207 - Change agreementRequired to userActionRequired > > https://github.com/ietf-wg-acme/acme/pull/207 > LGTM > Merged. > > #208 - Remove the 'requirements' abstraction > > https://github.com/ietf-wg-acme/acme/pull/208 > Posted feedback: > https://github.com/ietf-wg-acme/acme/pull/208#pullrequestreview-10448372 > To import that here so that we can have some discussion: """ I thought we were going to make this a simple array of URLs rather than inlining the status (and therefore having it in two places)? """ I actually thought you were the one that suggested we keep the "status" fields :) The minutes not being dispositive, I pulled up the audio recording of the meeting ([1], around 35:00), and didn't find anything there either. ¯\_(ツ)_/¯ I think it's worth keeping the status fields because even though it's a bit more work for the server, it saves the client quite a bit of work in some cases. As I noted in the meeting, we recommend that CAs include all authorizations that they used in their issuance decision -- even if they're already valid. (And I think that's an important property to keep, for clarity.) Putting the status field in the order saves the client the work of sending a pile of GET requests for these already-valid authorizations. Can you live with that level of duplication, given the client ergonomics benefit? > > #209 - Add an external account binding field > > https://github.com/ietf-wg-acme/acme/pull/209 > Seems fine, though this seems to have been superseded by #212. Agreed. Since nobody seems to have strong objections to #212, closing this one. > About #212: Are we just reinventing OAuth here? > In brief, no. OAuth is a whole pile of specs that interact in complicated ways, and include a lot of stuff we don't need. OAuth also doesn't provide the delegation semantics we need here. So we're re-using the relevant part of OAuth (namely JWS), and not importing a lot of irrelevant stuff. Unless you have strong objections, I think we should go ahead and merge #212, since everyone else on the list seems to be OK with it. > > #210 - Terminology update > > https://github.com/ietf-wg-acme/acme/pull/210 > LGTM > Merged. > > #211 - Add registries for fields in account and order objects > > https://github.com/ietf-wg-acme/acme/pull/211 > LGTM > Merged. [1] https://www.ietf.org/audio/ietf97/ietf97-studio4-20161116-1330.mp3
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
