On 10/08/2018 09:49, Yaron Sheffer wrote:
> IMO Richard's proposal is too coarse, in the sense that servers may want to
> publish some certificates with GET and others with POST-as-GET. So either
> this should not be a server-wide flag, or if it is, it should be augmented
> by a per-Order flag where the client can request what it needs.

IIUC, your suggestion is to slightly change the semantics of
certificateGET to something like: "If this field is present and set to
"true", then the server, if requested by the client, allows GET requests
to certificate URLs (see {{post-as-get}}).", and add a new flag to the
Order to allow clients to request plain-GETs (which would be otherwise
405'd)?

If so, +1.

> Before this PR, the expectation is that certificates are only published with
> POST-as-GET by default. But extensions (such as STAR) can mandate that
> specific classes of certs be published with GET. If we don't want explicit
> per-Order signaling, we'd better leave the current text as-is.

I think PR#462 is one step in the right direction.  Going back to no
signalling, making this some sort of clandestine feature, is not great.

_______________________________________________
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme
