Hi Zach, For background I think this MUST originated out of this thread: https://mailarchive.ietf.org/arch/msg/acme/0lVmGl8e-rmSH0x7ycDW5dj6GAY
I would prefer option A) as well. It seems better to clear up the non-normative language than to step backwards to a place where proactive issuance may or may not happen without a clear signalling to the client of which a server will do. I think the use of "shortly" here is to allow the server some grace to determine that the order is completed and issuance can be performed. Perhaps we could change the language to say "The server MUST issue the requested certificate and update the order resource with a URL for the certificate after it has determined the client has fulfilled the server's requirements" and not impose any specific mention of the time between the client completing the challenges and the server noticing. Thoughts? On Wed, Mar 22, 2017 at 1:14 AM, Zach Shepherd <[email protected]> wrote: > The following feedback is based on 8010a31 (current HEAD of master). > > Section 7.4, Applying for Certificate Issuance, states "The server MUST > issue the requested certificate and update the order resource with a URL > for the certificate shortly after the client has fulfilled the server’s > requirements." > > Per RFC 2119 Section 6, the imperative MUST should be used with care and > sparingly. > > The use of "shortly" in the above sentence is imprecise. It is not > possible for a server author to know, with confidence, that they are > adhering to this requirement. It is not possible fore a client author to > make design or implementation decisions based on this requirement. > > I would propose either: > a) Replacing "shortly" with a more precise expectation. > b) Replacing "MUST" with "should". > > I believe there are advantages for setting expectations as to the > turn-around time for certificate issuance and would therefore prefer option > (a), assuming agreement could be reached on more precise language. > > Regards, > Zach Shepherd > > > _______________________________________________ > Acme mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/acme > >
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
