Chairs: It looks like there's consensus among the author team to close out this discussion by merging #459, #460, and #463. Is that all right with you?

On Wed, Oct 10, 2018 at 5:23 PM Jacob Hoffman-Andrews <j...@eff.org> wrote:

> Pushed some more changes.
>
> On 10/10/2018 02:06 PM, Jacob Hoffman-Andrews wrote:
>
> Updated to include Orders and Authorizations in the example as you
> requested. https://github.com/ietf-wg-acme/acme/pull/463/files
>
> On 10/09/2018 04:49 PM, Jacob Hoffman-Andrews wrote:
>
> I'll revise this to include examples from the other URLs. One of my goals
> is to switch away from the "counting accounts" or "counting authzs"
> examples (which I think we can't effectively mitigate) to more specific
> examples of correlations. However, I think I can make that point with
> examples from across all the different resource types.
>
> On 10/09/2018 12:27 PM, Richard Barnes wrote:
>
> Thanks for the PR.
>
> My only issue is with the changes in there that slim down the example.
> ISTM that we should be encouraging unguessable URLs as widely as possible;
> guessable URLs should be a justified exception (as you noted in your
> description of what LE does).
>
> If you could slim this down to just killing the "Capability URL"
> reference, I would be +1
>
> On Tue, Oct 9, 2018 at 3:20 PM Jacob Hoffman-Andrews <j...@eff.org> wrote:
>
>> On 10/09/2018 11:53 AM, Jacob Hoffman-Andrews wrote:
>> > Also, I would add a caveat that this type of URL design is only
>> > necessary for properties that the CA considers secret. For instance,
>> > Let's Encrypt does not consider its number of accounts secret, and
>> > assigns serially incrementing IDs to account URLs.
>> >
>> > I'll send a PR later today tweaking this section.
>>
>> Here's a PR improving the correlations section of security concerns:
>> https://github.com/ietf-wg-acme/acme/pull/463
>>
>> _______________________________________________
>> Acme mailing list
>> Acme@ietf.org
>> https://www.ietf.org/mailman/listinfo/acme