> On the other hand, since the language in 7.4.2 appears to be correct for
> the base ACME specification (ignoring STAR), I could see why the existing
> language should remain.


This would be my preference. I don't think the base specification should
change this close to last call for this case.

On Wed, Jul 18, 2018 at 9:01 AM, Corey Bonnell <[email protected]>
wrote:

> Hello,
> In section 7.4.2 (https://tools.ietf.org/html/draft-ietf-acme-acme-13#section-7.4.2),
> it is stated several times that certificate resources are
> immutable. Given that this isn't the case with an ACME server that supports
> the STAR extension, it might be good to remove the language around resource
> immutability to avoid potential confusion. In addition, the verbiage
> concerning the setting of cache control headers for the certificate
> resource may also cause confusion in the context of an ACME STAR server.
>
> On the other hand, since the language in 7.4.2 appears to be correct for
> the base ACME specification (ignoring STAR), I could see why the existing
> language should remain.
>
> Thanks,
> Corey Bonnell
> Senior Software Engineer
>
> Trustwave | SMART SECURITY ON DEMAND
> https://www.trustwave.com
>
> On 7/17/18, 6:14 PM, "Acme on behalf of [email protected]" <
> [email protected] on behalf of [email protected]> wrote:
>
>
>     A New Internet-Draft is available from the on-line Internet-Drafts directories.
>     This draft is a work item of the Automated Certificate Management Environment WG of the IETF.
>
>             Title           : Automatic Certificate Management Environment (ACME)
>             Authors         : Richard Barnes
>                               Jacob Hoffman-Andrews
>                               Daniel McCarney
>                               James Kasten
>             Filename        : draft-ietf-acme-acme-13.txt
>             Pages           : 86
>             Date            : 2018-07-17
>
>     Abstract:
>        Certificates in PKI using X.509 (PKIX) are used for a number of
>        purposes, the most significant of which is the authentication of
>        domain names.  Thus, certificate authorities in the Web PKI are
>        trusted to verify that an applicant for a certificate legitimately
>        represents the domain name(s) in the certificate.  Today, this
>        verification is done through a collection of ad hoc mechanisms.  This
>        document describes a protocol that a certification authority (CA) and
>        an applicant can use to automate the process of verification and
>        certificate issuance.  The protocol also provides facilities for
>        other certificate management functions, such as certificate
>        revocation.
>
>        RFC EDITOR: PLEASE REMOVE THE FOLLOWING PARAGRAPH: The source for
>        this draft is maintained in GitHub.  Suggested changes should be
>        submitted as pull requests at https://scanmail.trustwave.com/?c=4062&d=w-rO20a3QMhWrSVuXInhjs8zAw1bWrG0tELzhbEIcA&s=5&u=https%3a%2f%2fgithub%2ecom%2fietf-wg-acme%2facme
>        [1].  Instructions are on that page as well.  Editorial changes can
>        be managed in GitHub, but any substantive change should be discussed
>        on the ACME mailing list ([email protected]).
>
>
>     The IETF datatracker status page for this draft is:
>     https://scanmail.trustwave.com/?c=4062&d=w-rO20a3QMhWrSVuXInhjs8zAw1bWrG0tBX3heYJIQ&s=5&u=https%3a%2f%2fdatatracker%2eietf%2eorg%2fdoc%2fdraft-ietf-acme-acme%2f
>
>     There are also htmlized versions available at:
>     https://scanmail.trustwave.com/?c=4062&d=w-rO20a3QMhWrSVuXInhjs8zAw1bWrG0tEKghb9eKA&s=5&u=https%3a%2f%2ftools%2eietf%2eorg%2fhtml%2fdraft-ietf-acme-acme-13
>     https://scanmail.trustwave.com/?c=4062&d=w-rO20a3QMhWrSVuXInhjs8zAw1bWrG0tBXw1L9adQ&s=5&u=https%3a%2f%2fdatatracker%2eietf%2eorg%2fdoc%2fhtml%2fdraft-ietf-acme-acme-13
>
>     A diff from the previous version is available at:
>     https://scanmail.trustwave.com/?c=4062&d=w-rO20a3QMhWrSVuXInhjs8zAw1bWrG0tBGk1rYOcg&s=5&u=https%3a%2f%2fwww%2eietf%2eorg%2frfcdiff%3furl2%3ddraft-ietf-acme-acme-13
>
>
>     Please note that it may take a couple of minutes from the time of submission
>     until the htmlized version and diff are available at
>     http://scanmail.trustwave.com/?c=4062&d=w-rO20a3QMhWrSVuXInhjs8zAw1bWrG0tBWnhuZcKQ&s=5&u=http%3a%2f%2ftools%2eietf%2eorg
>
>     Internet-Drafts are also available by anonymous FTP at:
>     ftp://ftp.ietf.org/internet-drafts/
>
>     _______________________________________________
>     Acme mailing list
>     [email protected]
>     https://scanmail.trustwave.com/?c=4062&d=w-rO20a3QMhWrSVuXInhjs8zAw1bWrG0tBOl1b9TIg&s=5&u=https%3a%2f%2fwww%2eietf%2eorg%2fmailman%2flistinfo%2facme
>
>