I think "MUST begin the issuance process" addresses my concerns and is in line 
with the discussions around preferring "proactive" issuance.

________________________________
From: Jacob Hoffman-Andrews <[email protected]>
Sent: Wednesday, March 22, 2017 10:13 AM
To: [email protected]; Zach Shepherd
Cc: [email protected]
Subject: Re: [Acme] Use of "shortly" in normative language of Section 7.4, 
Applying for Certificate Issuance

We could say "MUST begin the issuance process"

The main things on my mind that could delay issuance slightly:
 - Submitting to CT
 - Checking CAA
 - Internal queuing for available capacity
 - Manual vetting

I think "MUST begin" covers for all of those, while allowing some vagueness as 
to how long they will take.

On 03/22/2017 09:39 AM, Daniel McCarney wrote:
Hi Zach,

For background I think this MUST originated out of this thread: 
https://mailarchive.ietf.org/arch/msg/acme/0lVmGl8e-rmSH0x7ycDW5dj6GAY

I would prefer option A) as well. It seems better to clear up the non-normative 
language than to step backwards to a place where proactive issuance may or may 
not happen without a clear signalling to the client of which a server will do.

I think the use of "shortly" here is to allow the server some grace to 
determine that the order is completed and issuance can be performed.
Perhaps we could change the language to say "The server MUST issue the 
requested certificate and update the order resource with a URL for the 
certificate after it has determined the client has fulfilled the server's 
requirements" and not impose any specific mention of the time between the 
client completing the challenges and the server noticing. Thoughts?

On Wed, Mar 22, 2017 at 1:14 AM, Zach Shepherd 
<[email protected]> wrote:
The following feedback is based on 8010a31 (current HEAD of master).

Section 7.4, Applying for Certificate Issuance, states "The server MUST issue 
the requested certificate and update the order resource with a URL for the 
certificate shortly after the client has fulfilled the server’s requirements."

Per RFC 2119 Section 6, the imperative MUST should be used with care and 
sparingly.

The use of "shortly" in the above sentence is imprecise. It is not possible for 
a server author to know, with confidence, that they are adhering to this 
requirement. It is not possible for a client author to make design or 
implementation decisions based on this requirement.

I would propose either:
a) Replacing "shortly" with a more precise expectation.
b) Replacing "MUST" with "should".

I believe there are advantages for setting expectations as to the turn-around 
time for certificate issuance and would therefore prefer option (a), assuming 
agreement could be reached on more precise language.

Regards,
Zach Shepherd

_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme




