Hello,

this came up in the discussion of
https://github.com/ietf-wg-acme/acme/issues/435 ("An optional MIME
parameter for application/pem-certificate-chain?"). I'm interested in
a reliable way to retrieve the root certificate, resp. the complete
certificate chain including a root certificate. This is sometimes
needed, for example for setting up an AWS ELB load balancer, or for
configuring OCSP verification in nginx, and also to simply verify the
validity of the returned chain down to the root.

During the discussion in the GitHub issue, Logan Widick suggested a
boolean MIME parameter (with suggested name "includeroot") for
application/pem-certificate-chain.

Since the issue (originally about another MIME parameter) is now
closed, I want to bring this suggestion up on the mailing list. My
suggestion would be that this parameter is optional (with no explicit
default value, i.e. the default is to do what the ACME server already
did before), and a formulation which suggests the server SHOULD respect
this parameter. I think the name "includeroot" is fine, but it could
also be "include-root" or something different.

Are there any opinions on this?

Thanks and best regards,
Felix Fontein

_______________________________________________
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme
