Hello,
In section 7.4.2 
(https://tools.ietf.org/html/draft-ietf-acme-acme-13#section-7.4.2), it is 
stated several times that certificate resources are immutable. Given that this 
isn't the case with an ACME server that supports the STAR extension, it might 
be good to remove the language around resource immutability to avoid potential 
confusion. In addition, the verbiage concerning the setting of cache control 
headers for the certificate resource may also cause confusion in the context of 
an ACME STAR server. 

On the other hand, since the language in 7.4.2 appears to be correct for the 
base ACME specification (ignoring STAR), I could see why the existing language 
should remain.

Thanks,
Corey Bonnell
Senior Software Engineer

Trustwave | SMART SECURITY ON DEMAND
https://www.trustwave.com

On 7/17/18, 6:14 PM, "Acme on behalf of [email protected]" 
<[email protected] on behalf of [email protected]> wrote:

    
    A New Internet-Draft is available from the on-line Internet-Drafts directories.
    This draft is a work item of the Automated Certificate Management Environment WG of the IETF.
    
            Title           : Automatic Certificate Management Environment (ACME)
            Authors         : Richard Barnes
                              Jacob Hoffman-Andrews
                              Daniel McCarney
                              James Kasten
            Filename        : draft-ietf-acme-acme-13.txt
            Pages           : 86
            Date            : 2018-07-17
    
    Abstract:
       Certificates in PKI using X.509 (PKIX) are used for a number of
       purposes, the most significant of which is the authentication of
       domain names.  Thus, certificate authorities in the Web PKI are
       trusted to verify that an applicant for a certificate legitimately
       represents the domain name(s) in the certificate.  Today, this
       verification is done through a collection of ad hoc mechanisms.  This
       document describes a protocol that a certification authority (CA) and
       an applicant can use to automate the process of verification and
       certificate issuance.  The protocol also provides facilities for
       other certificate management functions, such as certificate
       revocation.
    
       RFC EDITOR: PLEASE REMOVE THE FOLLOWING PARAGRAPH: The source for
       this draft is maintained in GitHub.  Suggested changes should be
       submitted as pull requests at https://github.com/ietf-wg-acme/acme
       [1].  Instructions are on that page as well.  Editorial changes can
       be managed in GitHub, but any substantive change should be discussed
       on the ACME mailing list ([email protected]).
    
    
    The IETF datatracker status page for this draft is:
    
    https://datatracker.ietf.org/doc/draft-ietf-acme-acme/
    
    There are also htmlized versions available at:
    
    https://tools.ietf.org/html/draft-ietf-acme-acme-13
    
    https://datatracker.ietf.org/doc/html/draft-ietf-acme-acme-13
    
    A diff from the previous version is available at:
    
    https://www.ietf.org/rfcdiff?url2=draft-ietf-acme-acme-13
    
    
    Please note that it may take a couple of minutes from the time of submission
    until the htmlized version and diff are available at http://tools.ietf.org
    
    Internet-Drafts are also available by anonymous FTP at:
    ftp://ftp.ietf.org/internet-drafts/
    
    _______________________________________________
    Acme mailing list
    [email protected]
    
    https://www.ietf.org/mailman/listinfo/acme
    
