[Acme] More specific error codes for certificate revocation, at least for some cases?

2018-06-12 Thread Felix Fontein
Hi, while implementing certificate revocation in an ACME client, I noticed that the current ACME draft is very vague about errors to return when revocation fails. The draft says "If the revocation fails, the server returns an error."

[Acme] optional MIME parameter for application/pem-certificate-chain

2018-08-10 Thread Felix Fontein
t default value, i.e. the default is to do what the ACME server already did before), and a formulation which suggests the server SHOULD respect this parameter. I think the name "includeroot" is fine, but it could also be "include-root" or something different. Are there any opinions

Re: [Acme] ACME breaking change: Most GETs become POSTs

2018-08-31 Thread Felix Fontein
Hi Richard,
> I was able upgrade the lego client in a pretty short patch (5 files
> changed, 26 insertions(+), 16 deletions(-)) [0]. It interoperates
> with Daniel's branch of pebble.
you were faster :) I've adjusted Ansible's acme_certificate module to also work with Daniel's branch in

[Acme] malformedRequest vs. malformed in draft-ietf-acme-acme-15

2018-10-02 Thread Felix Fontein
Hi, while looking at POST-as-GET support for account URLs, I noticed that draft-ietf-acme-acme-15 mentions an error called "malformedRequest" in two places (w.r.t. POST-as-GET), while the error is simply called "malformed" in the list in Section 6.7. I think this is an oversight and they should

[Acme] stray Accept: application/pkix headers

2018-10-02 Thread Felix Fontein
Hi, I've noticed that there are two stray "Accept: application/pkix" headers in examples where they don't make sense (as the answer is application/json):
- Section 7.5 (Identifier Authorization), top of page 50
- Section 7.5.1 (Responding to Challenges), top of page 53
I think they have been

Re: [Acme] Adam Roach's Discuss on draft-ietf-acme-acme-14: (with DISCUSS and COMMENT)

2018-08-30 Thread Felix Fontein
Hello,
> On 8/30/18 7:55 AM, Richard Barnes wrote:
> > Focusing on DISCUSS comment for now, will pick up COMMENTs later.
> >
> > On your DISCUSS, I think you're off on a couple of small things
> >
> Yeah, I woke up with the sudden realization that I'd had the wrong
> model in my head when I

Re: [Acme] Benjamin Kaduk's Discuss on draft-ietf-acme-acme-14: (with DISCUSS and COMMENT)

2018-09-16 Thread Felix Fontein
Hi,
> > >[...] Secondly, the entropy requirement
> > >prevents ACME clients from implementing a "naive" validation
> > > server that automatically replies to challenges without
> > > participating in the creation of the initial authorization
> > > request.
> > >
> > > IMPORTANT: I'm not

Re: [Acme] Benjamin Kaduk's Discuss on draft-ietf-acme-acme-14: (with DISCUSS and COMMENT)

2018-09-16 Thread Felix Fontein
Hi,
> > > > > >[...] Secondly, the entropy requirement
> > > > > >prevents ACME clients from implementing a "naive"
> > > > > > validation server that automatically replies to challenges
> > > > > > without participating in the creation of the initial
> > > > > > authorization request.
>