On Fri, Oct 5, 2018 at 1:41 PM Adam Roach <a...@nostrum.com> wrote:

> [as an individual]
>
> On 10/5/18 11:21 AM, Jacob Hoffman-Andrews wrote:
>
> > In the rounds of reviews on https://github.com/ietf-wg-acme/acme/pull/445,
> > I missed an addition: the suggestion to use capability URLs for access
> > control on certificate URLs. We should definitely not introduce this into
> > the spec: ACME has one authentication model, based on JWS signing. We
> > shouldn't introduce another, weaker authentication model. I pointed this
> > out way back in 2015:
> > https://github.com/letsencrypt/acme-spec/pull/48#issuecomment-70169712.
> >
> > At the time, the WG decision was to split resources into sensitive ones
> > (authenticated) and non-sensitive ones (unauthenticated). The recent round
> > of POST-as-GET changes consolidates things so nearly everything is
> > authenticated. I don't think there's a strong case to introduce a new,
> > halfway level of authentication based on capability URLs. If we want
> > certificates to be authenticated, let's authenticate them the same way as
> > everything else, and let the STAR group define an extension for
> > unauthenticated URLs. Here's my PR backing out the change:
> > https://github.com/ietf-wg-acme/acme/pull/457
>
> I oppose this change. The removed language is a non-normative statement
> of fact for the benefit of implementors. Removing it does not change the
> fact that capability URLs can be used in this context; it simply hides this
> fact from the reader.

I think Adam is on the right track here.

Jacob: The change you're proposing makes security worse. The security properties of GET-without-capability-URLs are strictly worse than GET-with-capability-URLs. It seems like you're trying to get rid of a better option to maintain the appearance of architectural purity.

--Richard

> /a
> _______________________________________________
> Acme mailing list
> Acme@ietf.org
> https://www.ietf.org/mailman/listinfo/acme