I'm in favor of this change in spirit, but it's pretty substantive and will actually do the wrong thing with some existing deployments. For instance, https://acme-v02.api.letsencrypt.org/directory currently has:

Cache-Control: max-age=0, no-cache, no-store

Which under this language would require clients to refetch the directory before every request. Definitely Let's Encrypt should fix that, but given that RFCs are meant to reflect "rough consensus and running code," I'm reluctant to make such a potentially breaking change to running code in an errata. I also feel a little uneasy at adding a MUST that is currently violated by every implementation that exists.

_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
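
The refetch cost raised in the message above, as an added example that is not part of the original post. It assumes the proposed text makes clients apply ordinary HTTP freshness rules to the directory response; the function names and request times are constructed for illustration, and quoted directive arguments containing commas are not handled.

```python
def parse_cache_control(value):
    """Split a Cache-Control header value into {directive: argument-or-None}."""
    directives = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def directory_reuse_seconds(cache_control):
    """Seconds a stored directory may be reused without contacting the server.

    Returns 0 when every use requires a refetch or revalidation.
    """
    if cache_control is None:
        return 0  # assumption: no heuristic freshness for the directory
    d = parse_cache_control(cache_control)
    # no-store forbids keeping a copy; no-cache forbids reuse without revalidation.
    if "no-store" in d or "no-cache" in d:
        return 0
    try:
        return max(0, int(d.get("max-age") or 0))
    except ValueError:
        return 0  # a malformed max-age is treated as already stale


def count_directory_fetches(cache_control, request_times):
    """Count directory GETs needed for ACME requests sent at the given times (seconds)."""
    lifetime = directory_reuse_seconds(cache_control)
    fetches, fetched_at = 0, None
    for t in request_times:
        # A stored copy is stale once its age reaches the freshness lifetime.
        if fetched_at is None or lifetime == 0 or t - fetched_at >= lifetime:
            fetches += 1
            fetched_at = t
    return fetches


# Constructed timeline of one issuance: five ACME requests over 14 seconds.
ISSUANCE_TIMES = [0, 2, 5, 9, 14]

if __name__ == "__main__":
    for header in ("max-age=0, no-cache, no-store", "max-age=5", "max-age=3600"):
        print(header, "->", count_directory_fetches(header, ISSUANCE_TIMES))
```
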