In the rounds of reviews on
https://github.com/ietf-wg-acme/acme/pull/445, I missed an addition: the
suggestion to use capability URLs for access control on certificate
URLs. We should definitely not introduce this into the spec: ACME has
one authentication model, based on JWS signing. We shouldn't introduce
another, weaker authentication model. I pointed this out way back in
2015:
https://github.com/letsencrypt/acme-spec/pull/48#issuecomment-70169712.
At the time, the WG decision was to split resources into sensitive ones
(authenticated) and non-sensitive ones (unauthenticated). The recent
round of POST-as-GET changes consolidates things so nearly everything is
authenticated. I don't think there's a strong case to introduce a new,
halfway level of authentication based on capability URLs. If we want
certificates to be authenticated, let's authenticate them the same way
as everything else, and let the STAR group define an extension for
unauthenticated URLs. Here's my PR backing out the change:
https://github.com/ietf-wg-acme/acme/pull/457
_______________________________________________
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme
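As an added illustration of the point made above (not code from the ACME spec, the thread, or either pull request), here is a toy model of the server-side check a POST-as-GET fetch of a certificate goes through: the JWS binds the request to an account (`kid`), to the exact URL, and to a single-use nonce, and the server then checks that this account owns the certificate, so possession of the URL alone grants nothing. Assumption: HMAC-SHA256 stands in for the account-key signature so the example runs offline; real ACME account keys are RSA or ECDSA key pairs, and all URLs and secrets below are constructed.

```python
import base64, hashlib, hmac, json, secrets

# Constructed demo state. HMAC-SHA256 stands in for the account-key signature
# so this runs offline; RFC 8555 account keys are RSA/ECDSA, never shared secrets.
ACCOUNT_KEYS = {"https://acme.example/acct/1": b"constructed-secret-1",
                "https://acme.example/acct/2": b"constructed-secret-2"}
CERT_URL = "https://acme.example/cert/abc123"
CERT_OWNER = {CERT_URL: "https://acme.example/acct/1"}
issued_nonces = set()

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def new_nonce() -> str:
    """Server hands out an unpredictable, single-use nonce (Replay-Nonce)."""
    n = b64url(secrets.token_bytes(16))
    issued_nonces.add(n)
    return n

def sign_post_as_get(kid: str, key: bytes, nonce: str, url: str) -> dict:
    """Client side: a POST-as-GET is a JWS with an empty payload, bound to
    the account (kid), the target URL and a fresh nonce."""
    header = {"alg": "HS256", "kid": kid, "nonce": nonce, "url": url}
    protected = b64url(json.dumps(header, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{protected}.".encode(), hashlib.sha256).digest()
    return {"protected": protected, "payload": "", "signature": b64url(sig)}

def authorize_certificate_fetch(request_url: str, jws: dict) -> str:
    """Server side: access follows from the proven account, not from the URL."""
    if jws.get("payload") != "":
        return "error: not POST-as-GET"
    hdr = json.loads(b64url_decode(jws["protected"]))
    if hdr.get("url") != request_url:
        return "error: url mismatch"          # JWS cannot be reused elsewhere
    if hdr.get("nonce") not in issued_nonces:
        return "error: bad nonce"             # stale, forged or already used
    issued_nonces.discard(hdr["nonce"])
    key = ACCOUNT_KEYS.get(hdr.get("kid"))
    if key is None:
        return "error: unknown account"
    expected = hmac.new(key, f"{jws['protected']}.".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(b64url(expected), jws["signature"]):
        return "error: bad signature"
    if CERT_OWNER.get(request_url) != hdr["kid"]:
        return "error: unauthorized"          # authenticated, but not the owner
    return "ok"
```

A second, valid account signing the same request is rejected at the ownership step, and replaying a once-accepted JWS fails on the consumed nonce.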