[as an individual]
On 10/5/18 11:21 AM, Jacob Hoffman-Andrews wrote:
> In the rounds of reviews on
> https://github.com/ietf-wg-acme/acme/pull/445, I missed an addition:
> the suggestion to use capability URLs for access control on
> certificate URLs. We should definitely not introduce this into the
> spec: ACME has one authentication model, based on JWS signing. We
> shouldn't introduce another, weaker authentication model. I pointed
> this out way back in 2015:
> https://github.com/letsencrypt/acme-spec/pull/48#issuecomment-70169712.
> At the time, the WG decision was to split resources into sensitive
> ones (authenticated) and non-sensitive ones (unauthenticated). The
> recent round of POST-as-GET changes consolidates things so nearly
> everything is authenticated. I don't think there's a strong case to
> introduce a new, halfway level of authentication based on capability
> URLs. If we want certificates to be authenticated, let's authenticate
> them the same way as everything else, and let the STAR group define an
> extension for unauthenticated URLs. Here's my PR backing out the
> change: https://github.com/ietf-wg-acme/acme/pull/457
I oppose this change. The removed language is a non-normative statement
of fact for the benefit of implementors. Removing it does not change the
fact that capability URLs can be used in this context; it simply hides
this fact from the reader.
/a
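What "authenticate them the same way as everything else" amounts to in code, as an added example that is not part of this thread and not code from the ACME specification, Let's Encrypt or any ACME implementation: a Go sketch of a client signing a POST-as-GET for a certificate URL and of the server-side checks that accept it. The JWS layout follows RFC 8555 (flattened JSON serialization, ES256 with a raw r||s signature, base64url without padding); the account table, nonce store, certificate store, account URLs and certificate URLs are assumed in-memory stand-ins constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"math/big"
)

var b64 = base64.RawURLEncoding // JWS uses base64url without padding

// Protected header fields ACME requires on every request (RFC 8555, section 6.2).
type protectedHeader struct {
	Alg   string `json:"alg"`
	Kid   string `json:"kid"`   // account URL
	Nonce string `json:"nonce"` // fresh server-issued anti-replay value
	URL   string `json:"url"`   // the URL this request is for
}

// Flattened JWS JSON serialization, the body of every ACME request.
type jwsRequest struct {
	Protected string `json:"protected"`
	Payload   string `json:"payload"`
	Signature string `json:"signature"`
}

// newAccountKey generates an ES256 (P-256) account key.
func newAccountKey() *ecdsa.PrivateKey {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return key
}

// postAsGet signs a POST-as-GET (RFC 8555, section 6.3): a JWS with an empty payload, bound to the nonce and to the URL it will be sent to.
func postAsGet(priv *ecdsa.PrivateKey, kid, nonce, url string) (jwsRequest, error) {
	hdr, _ := json.Marshal(protectedHeader{Alg: "ES256", Kid: kid, Nonce: nonce, URL: url}) // cannot fail for this struct
	protected, payload := b64.EncodeToString(hdr), ""                                            // "" (not "{}") marks POST-as-GET
	digest := sha256.Sum256([]byte(protected + "." + payload))
	r, s, err := ecdsa.Sign(rand.Reader, priv, digest[:])
	if err != nil {
		return jwsRequest{}, err
	}
	sig := make([]byte, 64) // ES256 signature is r||s, 32 bytes each
	r.FillBytes(sig[:32])
	s.FillBytes(sig[32:])
	return jwsRequest{Protected: protected, Payload: payload, Signature: b64.EncodeToString(sig)}, nil
}

type certificate struct{ owner, pem string } // owner is the kid of the account whose order produced it

// acmeServer is an assumed in-memory stand-in with only the state needed to authenticate a POST-as-GET and decide who may read a certificate.
type acmeServer struct {
	accounts map[string]*ecdsa.PublicKey // kid -> account key
	nonces   map[string]bool             // issued and not yet consumed
	certs    map[string]certificate      // certificate URL -> certificate
}

func (srv *acmeServer) newNonce() string {
	var raw [16]byte
	if _, err := rand.Read(raw[:]); err != nil {
		panic(err)
	}
	n := b64.EncodeToString(raw[:])
	srv.nonces[n] = true
	return n
}

// serveCertificate handles a certificate URL with the same checks as every other authenticated ACME resource; knowing the URL grants nothing by itself.
func (srv *acmeServer) serveCertificate(requestURL string, req jwsRequest) (string, error) {
	var hdr protectedHeader
	if raw, err := b64.DecodeString(req.Protected); err != nil || json.Unmarshal(raw, &hdr) != nil {
		return "", errors.New("malformed protected header")
	}
	pub, ok := srv.accounts[hdr.Kid]
	if !ok {
		return "", errors.New("accountDoesNotExist")
	}
	sig, err := b64.DecodeString(req.Signature)
	if err != nil || len(sig) != 64 {
		return "", errors.New("malformed signature")
	}
	digest := sha256.Sum256([]byte(req.Protected + "." + req.Payload))
	if hdr.Alg != "ES256" || !ecdsa.Verify(pub, digest[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])) {
		return "", errors.New("badSignatureAlgorithm or bad signature") // alg is checked against what we support, never used to pick a verifier
	}
	if hdr.URL != requestURL {
		return "", errors.New("unauthorized: url mismatch") // a signed request cannot be redirected to another resource
	}
	if !srv.nonces[hdr.Nonce] {
		return "", errors.New("badNonce") // unknown, stale or already used
	}
	delete(srv.nonces, hdr.Nonce) // single use: a captured request cannot be replayed
	if req.Payload != "" {
		return "", errors.New("malformed: expected POST-as-GET")
	}
	cert, ok := srv.certs[requestURL]
	if !ok || cert.owner != hdr.Kid {
		return "", errors.New("unauthorized") // "not found" and "not yours" look the same to the caller
	}
	return cert.pem, nil
}
```

The last check is where this differs from a capability URL: here the URL only names the certificate, and access is decided by the account key, the nonce and the url binding in the signed header; with a capability URL, possession of the URL itself would be the credential, so anything that leaks it (request logs, a pasted link) leaks the certificate.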
_______________________________________________
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme