Hello,

In section 7.4.2 (https://tools.ietf.org/html/draft-ietf-acme-acme-13#section-7.4.2), it is stated several times that certificate resources are immutable. Given that this isn't the case with an ACME server that supports the STAR extension, it might be good to remove the language around resource immutability to avoid potential confusion. In addition, the verbiage concerning the setting of cache control headers for the certificate resource may also cause confusion in the context of an ACME STAR server.

On the other hand, since the language in 7.4.2 appears to be correct for the base ACME specification (ignoring STAR), I could see why the existing language should remain.

Thanks,
Corey Bonnell
Senior Software Engineer
Trustwave | SMART SECURITY ON DEMAND
https://www.trustwave.com

On 7/17/18, 6:14 PM, "Acme on behalf of [email protected]" <[email protected] on behalf of [email protected]> wrote:

> A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Automated Certificate Management Environment WG of the IETF.
>
> Title : Automatic Certificate Management Environment (ACME)
> Authors : Richard Barnes
>           Jacob Hoffman-Andrews
>           Daniel McCarney
>           James Kasten
> Filename : draft-ietf-acme-acme-13.txt
> Pages : 86
> Date : 2018-07-17
>
> Abstract:
> Certificates in PKI using X.509 (PKIX) are used for a number of purposes, the most significant of which is the authentication of domain names. Thus, certificate authorities in the Web PKI are trusted to verify that an applicant for a certificate legitimately represents the domain name(s) in the certificate. Today, this verification is done through a collection of ad hoc mechanisms. This document describes a protocol that a certification authority (CA) and an applicant can use to automate the process of verification and certificate issuance. The protocol also provides facilities for other certificate management functions, such as certificate revocation.
>
> RFC EDITOR: PLEASE REMOVE THE FOLLOWING PARAGRAPH: The source for this draft is maintained in GitHub. Suggested changes should be submitted as pull requests at https://github.com/ietf-wg-acme/acme [1]. Instructions are on that page as well. Editorial changes can be managed in GitHub, but any substantive change should be discussed on the ACME mailing list ([email protected]).
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-acme-acme/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-acme-acme-13
> https://datatracker.ietf.org/doc/html/draft-ietf-acme-acme-13
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-acme-acme-13
>
> Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at http://tools.ietf.org
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> _______________________________________________
> Acme mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/acme
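The practical consequence of the point raised above is on the client side: a client that assumes the certificate resource is immutable can cache it forever, but against a STAR server the same URL starts serving a renewed certificate, so the client must honour the server's freshness headers and notice when the body changes. The following is an added example, not code from the email, the ACME draft, or any ACME implementation: a small certificate-resource cache that applies RFC 7234 freshness rules (Cache-Control max-age, then Expires, else re-fetch) and reports rotation by hashing the body. The `Fetcher` hook, `FakeStarServer`, and the `https://acme.example/cert/1` URL are constructed stand-ins for illustration.

```python
# Added example, not from the email or the ACME draft: a client-side cache for an
# ACME certificate resource that behaves correctly whether the server treats the
# resource as immutable (base ACME, long max-age) or rotates it (a STAR server
# re-issuing short-lived certificates at the same URL). The client honours the
# HTTP freshness headers it is given (RFC 7234 semantics) and detects rotation by
# hashing the body. `Fetcher`, `FakeStarServer` and the URL are constructed stand-ins.
import hashlib
import re
import time
from email.utils import parsedate_to_datetime
from typing import Callable, Dict, Optional, Tuple

# Hypothetical transport hook: given the certificate URL, return (status, headers, body).
Fetcher = Callable[[str], Tuple[int, Dict[str, str], bytes]]


def cache_lifetime(headers: Dict[str, str], now: float) -> float:
    """Seconds the response may be reused: no-store/no-cache -> 0, else Cache-Control
    max-age, else Expires relative to `now`, else 0 (re-fetch every time, the safe
    default when the server says nothing about how long the resource is stable)."""
    h = {k.lower(): v for k, v in headers.items()}
    directives = [d.strip().lower() for d in h.get("cache-control", "").split(",") if d.strip()]
    if any(d in ("no-store", "no-cache") for d in directives):
        return 0.0
    for d in directives:
        m = re.fullmatch(r"max-age=(\d+)", d)
        if m:
            return float(m.group(1))
    if "expires" in h:
        try:
            return max(0.0, parsedate_to_datetime(h["expires"]).timestamp() - now)
        except (TypeError, ValueError):
            return 0.0  # malformed Expires is treated as already stale
    return 0.0


class CertificateResource:
    """Caches one certificate resource URL and reports when its content changes."""

    def __init__(self, url: str, fetch: Fetcher, now: Callable[[], float] = time.time):
        self.url, self.fetch, self.now = url, fetch, now
        self.body: Optional[bytes] = None
        self.digest: Optional[str] = None
        self.fresh_until = 0.0
        self.fetches = 0

    def get(self) -> Tuple[bytes, bool]:
        """Return (certificate chain bytes, rotated). `rotated` is True when a
        re-fetch returned a different body than the one previously cached."""
        if self.body is not None and self.now() < self.fresh_until:
            return self.body, False
        status, headers, body = self.fetch(self.url)
        self.fetches += 1
        if status != 200:
            raise RuntimeError(f"certificate fetch failed with HTTP {status}")
        digest = hashlib.sha256(body).hexdigest()
        rotated = self.digest is not None and digest != self.digest
        self.body, self.digest = body, digest
        self.fresh_until = self.now() + cache_lifetime(headers, self.now())
        return body, rotated


class FakeStarServer:
    """Constructed stand-in for a STAR-style server: the body at the certificate URL
    changes every `period` seconds and max-age advertises the time left until then."""

    def __init__(self, clock: Callable[[], float], period: int):
        self.clock, self.period = clock, period

    def __call__(self, url: str) -> Tuple[int, Dict[str, str], bytes]:
        t = self.clock()
        generation = int(t // self.period)
        remaining = self.period - int(t % self.period)
        body = (f"-----BEGIN CERTIFICATE-----\nconstructed-cert-{generation}\n"
                "-----END CERTIFICATE-----\n").encode()
        return 200, {"Cache-Control": f"max-age={remaining}"}, body


def demo() -> Dict[str, object]:
    """Drive the client against the fake server with a manual clock."""
    clock = [0.0]
    server = FakeStarServer(lambda: clock[0], period=3600)
    res = CertificateResource("https://acme.example/cert/1", server, now=lambda: clock[0])
    first, r0 = res.get()       # network fetch
    clock[0] = 1800.0
    cached, r1 = res.get()      # still fresh: served from cache
    clock[0] = 3700.0
    renewed, r2 = res.get()     # stale: re-fetched, and the body has rotated
    return {"fetches": res.fetches, "rotated": [r0, r1, r2],
            "served_from_cache": cached == first, "changed": renewed != first}


if __name__ == "__main__":
    print(demo())
```

The design choice worth noting is the default: when a server sends no freshness information at all, the client re-fetches on every call rather than assuming immutability, which is the behaviour that stays correct for both a base-ACME server and a STAR server at the cost of extra requests against the former.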
