+1 for "MUST begin the issuance process" - thanks for the suggestion Jacob.
On Wed, Mar 22, 2017 at 2:44 PM, Zach Shepherd <[email protected]> wrote: > I think "MUST begin the issuance process" addresses my concerns and is in > line with the discussions around preferring "proactive" issuance. > > ------------------------------ > *From:* Jacob Hoffman-Andrews <[email protected]> > *Sent:* Wednesday, March 22, 2017 10:13 AM > *To:* [email protected]; Zach Shepherd > *Cc:* [email protected] > *Subject:* Re: [Acme] Use of "shortly" in normative language of Section > 7.4, Applying for Certificate Issuance > > We could say "MUST begin the issuance process" > > The main things on my mind that could delay issuance slightly: > - Submitting to CT > - Checking CAA > - Internal queuing for available capacity > - Manual vetting > > I think "MUST begin" covers for all of those, while allowing some > vagueness as to how long they will take. > > On 03/22/2017 09:39 AM, Daniel McCarney wrote: > > Hi Zach, > > For background I think this MUST originated out of this thread: > https://mailarchive.ietf.org/arch/msg/acme/0lVmGl8e-rmSH0x7ycDW5dj6GAY > <https://urldefense.proofpoint.com/v2/url?u=https-3A__mailarchive.ietf.org_arch_msg_acme_0lVmGl8e-2DrmSH0x7ycDW5dj6GAY&d=DwMD-g&c=uilaK90D4TOVoH58JNXRgQ&r=Z9jmRNJFc0_mrYgZ7k4FWDuC1AsqA1UJKUYIM6ZnnNk&m=IVegRoNI7i9NKYEzqcMfeK47xFPnnNPelVyrANn-ApQ&s=sangkBdLNhQ_KuubT2WqqFvFfy9gCNFcbWH5_NAutl4&e=> > > > I would prefer option A) as well. It seems better to clear up the > non-normative language than to step backwards to a place where proactive > issuance may or may not happen without a clear signalling to the client of > which a server will do. > > I think the use of "shortly" here is to allow the server some grace to > determine that the order is completed and issuance can be performed. > Perhaps we could change the language to say "The server MUST issue the > requested certificate and update the order resource with a URL for the > certificate after it has determined the client has fulfilled the server's > requirements" and not impose any specific mention of the time between the > client completing the challenges and the server noticing. Thoughts? > > On Wed, Mar 22, 2017 at 1:14 AM, Zach Shepherd <[email protected]> > wrote: > >> The following feedback is based on 8010a31 (current HEAD of master). >> >> Section 7.4, Applying for Certificate Issuance, states "The server MUST >> issue the requested certificate and update the order resource with a URL >> for the certificate shortly after the client has fulfilled the server’s >> requirements." >> >> Per RFC 2119 Section 6, the imperative MUST should be used with care and >> sparingly. >> >> The use of "shortly" in the above sentence is imprecise. It is not >> possible for a server author to know, with confidence, that they are >> adhering to this requirement. It is not possible fore a client author to >> make design or implementation decisions based on this requirement. >> >> I would propose either: >> a) Replacing "shortly" with a more precise expectation. >> b) Replacing "MUST" with "should". >> >> I believe there are advantages for setting expectations as to the >> turn-around time for certificate issuance and would therefore prefer option >> (a), assuming agreement could be reached on more precise language. >> >> Regards, >> Zach Shepherd >> >> _______________________________________________ >> Acme mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/acme >> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_acme&d=DwMD-g&c=uilaK90D4TOVoH58JNXRgQ&r=Z9jmRNJFc0_mrYgZ7k4FWDuC1AsqA1UJKUYIM6ZnnNk&m=IVegRoNI7i9NKYEzqcMfeK47xFPnnNPelVyrANn-ApQ&s=0aKjhUeYQGvrvF_50ZzCMUIEt6uUg18yDmXhGuk5KRY&e=> >> >> > > > _______________________________________________ > Acme mailing [email protected]https://www.ietf.org/mailman/listinfo/acme > <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_acme&d=DwMD-g&c=uilaK90D4TOVoH58JNXRgQ&r=Z9jmRNJFc0_mrYgZ7k4FWDuC1AsqA1UJKUYIM6ZnnNk&m=IVegRoNI7i9NKYEzqcMfeK47xFPnnNPelVyrANn-ApQ&s=0aKjhUeYQGvrvF_50ZzCMUIEt6uUg18yDmXhGuk5KRY&e=> > > >
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
