Hi Hugo,

> Providing the CSR up-front allows the CA to predicate order processing on
> aspects of that CSR, both with regard to the present protocol and any
> future extensions, both now and in the future in ways that we can and
> cannot foresee. I don't think it's appropriate to defer giving critical
> information to the CA until the last minute due to a resource utilisation
> concern which LE has already proven capable of dealing with


The open-ended policy accommodations you mention sound nice in theory but
at the start of this thread I offered concrete cases that suffer as a
result of this decision and I would like to see concrete use-cases used as a
counter-argument. Are there any CAs that have expressed interest in policy
decisions based on the CSR? If so, can they please explain in concrete
terms how they would *not* be able to do so with the CSR submitted at
finalization time?

This thread was specifically started because the LE implementation showed
that the current design would pose considerable problems with resource
utilization. I don't think it's appropriate to assume that in contradiction
to that direct experience it will be a problem LE is capable of dealing
with without more concrete suggestions as to how.

- cpu


On Tue, Oct 24, 2017 at 9:45 AM, Hugo Landau <hlan...@devever.net> wrote:

> My thoughts:
>
> - Requiring an explicit action against the order after the fulfilment of
> authorizations to cause issuance seems fine to me.
>
> - I think moving the submission of the CSR to the end of this process is
> a mistake.
>
> The ACME protocol should permit CAs to implement policy as far as is
> reasonably practicable with regard to the workflows around which the
> protocol is organised. Providing the CSR up-front allows the CA to
> predicate order processing on aspects of that CSR, both with regard to
> the present protocol and any future extensions, both now and in the
> future in ways that we can and cannot foresee. I don't think it's
> appropriate to defer giving critical information to the CA until the
> last minute due to a resource utilisation concern which LE has already
> proven capable of dealing with, especially when the whole point of the
> order flow in the first place was to provide more flexibility for CAs to
> institute policy.
>
> A possible compromise would be to require the CSR to be submitted both
> on new-order and on finalization, but that's quite clumsy.
>
>
_______________________________________________
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme
