Re: [Acme] Post-IETF-96 PRs

>From the view point of Let's Encrypt/Boulder: Our original plan for major specification changes has been to provide multiple versioned API endpoints which implement different verions of ACME. Currently we only provide acme-v01.api.letsencrypt.org which implements an amalgam of the first four

Re: [Acme] Post-IETF-96 PRs

On 9 August 2016 at 02:53, Richard Barnes wrote: > Again, I'm not totally convinced that semantic mismatches are that big a > deal. The "url" parameter already scopes the signed object to a specific > resource, so the only risk would be if that specific resource accepts > different

Re: [Acme] Post-IETF-96 PRs

On Mon, Aug 08, 2016 at 09:53:07AM -0700, Richard Barnes wrote: > On Sun, Aug 7, 2016 at 8:29 PM, Martin Thomson > wrote: > > > On 8 August 2016 at 12:39, Richard Barnes wrote: > > > So I'm honestly not that convinced that we need versioning at all here. >

Re: [Acme] Post-IETF-96 PRs

On Sun, Aug 7, 2016 at 8:29 PM, Martin Thomson wrote: > On 8 August 2016 at 12:39, Richard Barnes wrote: > > So I'm honestly not that convinced that we need versioning at all here. > > Maybe we could get away with just versioning the directory? (As I

Re: [Acme] Post-IETF-96 PRs

On 8 August 2016 at 12:39, Richard Barnes wrote: > So I'm honestly not that convinced that we need versioning at all here. > Maybe we could get away with just versioning the directory? (As I think the > original issue proposed :) ) I believe that it was PHB who requested this

Re: [Acme] Post-IETF-96 PRs

On Sun, Aug 7, 2016 at 7:28 PM, Martin Thomson wrote: > On 7 August 2016 at 03:46, Jacob Hoffman-Andrews wrote: > >> #162 - Add a protocol version > >> https://github.com/ietf-wg-acme/acme/pull/162 > > > > Still thinking about this one. Seems sound at

Re: [Acme] Post-IETF-96 PRs

On Sat, Aug 6, 2016 at 12:57 PM, Peter Bowen wrote: > On Thu, Jul 28, 2016 at 2:52 PM, Richard Barnes wrote: > > Hey all, > > > > I just posted several PRs implementing agreements from the IETF meeting. > > > > #161 - Drop the OOB challenge > >

Re: [Acme] Post-IETF-96 PRs

On 7 August 2016 at 03:46, Jacob Hoffman-Andrews wrote: >> #162 - Add a protocol version >> https://github.com/ietf-wg-acme/acme/pull/162 > > Still thinking about this one. Seems sound at first glance, but I'm thinking > about TLS version intolerance and >

Re: [Acme] Post-IETF-96 PRs

On Thu, Jul 28, 2016 at 2:52 PM, Richard Barnes wrote: > Hey all, > > I just posted several PRs implementing agreements from the IETF meeting. > > #161 - Drop the OOB challenge > https://github.com/ietf-wg-acme/acme/pull/161 I'm interested in the rationale for dropping the OOB

Re: [Acme] Post-IETF-96 PRs

> I would note that the most recent version of the spec to have > new-authz also used 303 when it found an existing authz. So wherever > we end up, we should be consistent between those two cases. Good point. > > As far as 3XX (your argument is not specific to 303) -- it seems like > the

Re: [Acme] Post-IETF-96 PRs

On 08/05/2016 12:22 PM, Richard Barnes wrote: > #165 - Re-add new-authz as pre-authorization > https://github.com/ietf-wg-acme/acme/pull/165 Gave feedback on a separate thread. > #166 - Clarify 'url' field processing > https://github.com/ietf-wg-acme/acme/pull/166 LGTM > > #161 - Drop the

Re: [Acme] Post-IETF-96 PRs

Two more: #165 - Re-add new-authz as pre-authorization https://github.com/ietf-wg-acme/acme/pull/165 #166 - Clarify 'url' field processing https://github.com/ietf-wg-acme/acme/pull/166 On Thu, Jul 28, 2016 at 5:52 PM, Richard Barnes wrote: > Hey all, > > I just posted several

[Acme] Post-IETF-96 PRs

Hey all, I just posted several PRs implementing agreements from the IETF meeting. #161 - Drop the OOB challenge https://github.com/ietf-wg-acme/acme/pull/161 #162 - Add a protocol version https://github.com/ietf-wg-acme/acme/pull/162 #163 - Make duplicate new-reg return 303