> On the other hand, since the language in 7.4.2 appears to be correct for > the base ACME specification (ignoring STAR), I could see why the existing > language should remain.
This would be my preference. I don't think the base specification should change this close to last call for this case. On Wed, Jul 18, 2018 at 9:01 AM, Corey Bonnell <[email protected]> wrote: > Hello, > In section 7.4.2 (https://tools.ietf.org/html/draft-ietf-acme-acme-13# > section-7.4.2), it is stated several times that certificate resources are > immutable. Given that this isn't the case with an ACME server that supports > the STAR extension, it might be good to remove the language around resource > immutability to avoid potential confusion. In addition, the verbiage > concerning the setting of cache control headers for the certificate > resource may also cause confusion in the context of an ACME STAR server. > > On the other hand, since the language in 7.4.2 appears to be correct for > the base ACME specification (ignoring STAR), I could see why the existing > language should remain. > > Thanks, > Corey Bonnell > Senior Software Engineer > > Trustwave | SMART SECURITY ON DEMAND > https://www.trustwave.com > > On 7/17/18, 6:14 PM, "Acme on behalf of [email protected]" < > [email protected] on behalf of [email protected]> wrote: > > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the Automated Certificate Management > Environment WG of the IETF. > > Title : Automatic Certificate Management Environment > (ACME) > Authors : Richard Barnes > Jacob Hoffman-Andrews > Daniel McCarney > James Kasten > Filename : draft-ietf-acme-acme-13.txt > Pages : 86 > Date : 2018-07-17 > > Abstract: > Certificates in PKI using X.509 (PKIX) are used for a number of > purposes, the most significant of which is the authentication of > domain names. Thus, certificate authorities in the Web PKI are > trusted to verify that an applicant for a certificate legitimately > represents the domain name(s) in the certificate. Today, this > verification is done through a collection of ad hoc mechanisms. > This > document describes a protocol that a certification authority (CA) > and > an applicant can use to automate the process of verification and > certificate issuance. The protocol also provides facilities for > other certificate management functions, such as certificate > revocation. > > RFC EDITOR: PLEASE REMOVE THE FOLLOWING PARAGRAPH: The source for > this draft is maintained in GitHub. Suggested changes should be > submitted as pull requests at https://scanmail.trustwave. > com/?c=4062&d=w-rO20a3QMhWrSVuXInhjs8zAw1bWrG0 > tELzhbEIcA&s=5&u=https%3a%2f%2fgithub%2ecom%2fietf-wg-acme%2facme > [1]. Instructions are on that page as well. Editorial changes can > be managed in GitHub, but any substantive change should be discussed > on the ACME mailing list ([email protected]). > > > The IETF datatracker status page for this draft is: > https://scanmail.trustwave.com/?c=4062&d=w- > rO20a3QMhWrSVuXInhjs8zAw1bWrG0tBX3heYJIQ&s=5&u=https%3a%2f% > 2fdatatracker%2eietf%2eorg%2fdoc%2fdraft-ietf-acme-acme%2f > > There are also htmlized versions available at: > https://scanmail.trustwave.com/?c=4062&d=w- > rO20a3QMhWrSVuXInhjs8zAw1bWrG0tEKghb9eKA&s=5&u=https%3a%2f% > 2ftools%2eietf%2eorg%2fhtml%2fdraft-ietf-acme-acme-13 > https://scanmail.trustwave.com/?c=4062&d=w- > rO20a3QMhWrSVuXInhjs8zAw1bWrG0tBXw1L9adQ&s=5&u=https%3a%2f% > 2fdatatracker%2eietf%2eorg%2fdoc%2fhtml%2fdraft-ietf-acme-acme-13 > > A diff from the previous version is available at: > https://scanmail.trustwave.com/?c=4062&d=w- > rO20a3QMhWrSVuXInhjs8zAw1bWrG0tBGk1rYOcg&s=5&u=https%3a%2f% > 2fwww%2eietf%2eorg%2frfcdiff%3furl2%3ddraft-ietf-acme-acme-13 > > > Please note that it may take a couple of minutes from the time of > submission > until the htmlized version and diff are available at > http://scanmail.trustwave.com/?c=4062&d=w-rO20a3QMhWrSVuXInhjs8zAw1bWrG0 > tBWnhuZcKQ&s=5&u=http%3a%2f%2ftools%2eietf%2eorg > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > _______________________________________________ > Acme mailing list > [email protected] > https://scanmail.trustwave.com/?c=4062&d=w- > rO20a3QMhWrSVuXInhjs8zAw1bWrG0tBOl1b9TIg&s=5&u=https%3a%2f% > 2fwww%2eietf%2eorg%2fmailman%2flistinfo%2facme > > > _______________________________________________ > Acme mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/acme >
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
