[Acme] missing comma

2018-06-14 Thread Felipe Gasper 
I’m not sure what the best forum is to report minor typographical issues, but:

6.2:

  *  "jwk" (JSON Web Key, for all requests not signed using an
 existing account, e.g. newAccount)

^^ Everyplace else in the spec puts a comma after “e.g.”, so I would think 
there should be one here as well.

-Felipe Gasper
___
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme

Re: [Acme] More specific error codes for certificate revocation, at least for some cases?

2018-06-14 Thread Daniel McCarney 
>
> When trying this out with Boulder (Let's Encrypt staging), I noticed
> that Boulder returns urn:ietf:params:acme:error:malformed with detail
> "Certificate already revoked" if the certificate has already been
> revoked. On the other hand, the Pebble testing server simply returns a
> 404 error.


Pebble also returns a malformed problem for this case as of
https://github.com/letsencrypt/pebble/commit/c0cc64314be427c6d39679e95a7794c89a293912
- Thanks again for flagging that!


On Tue, Jun 12, 2018 at 5:04 PM, Felix Fontein <
felix=40fontein...@dmarc.ietf.org> wrote:

> Hi,
>
> while implementing certificate revocation in an ACME client, I noticed
> that the current ACME draft is very vague about errors to return when
> revocation fails. The draft says "If the revocation fails, the server
> returns an
> error." (https://tools.ietf.org/html/draft-ietf-acme-acme-12#section-7.6),
> which is followed by an example which returns
> urn:ietf:params:acme:error:unauthorized with detail "No authorization
> provided for name example.net".
>
> When trying this out with Boulder (Let's Encrypt staging), I noticed
> that Boulder returns urn:ietf:params:acme:error:malformed with detail
> "Certificate already revoked" if the certificate has already been
> revoked. On the other hand, the Pebble testing server simply returns a
> 404 error.
>
> I think it would make sense to define more specific error codes the
> server could return for certificate revocation. In particular, there
> should be an error code for "certificate has already been
> revoked" (maybe urn:ietf:params:acme:error:alreadyRevoked?). This would
> make it easier for clients to detect this specific situations.
>
> The rationale behind this is that it allows the client to distinguish
> between errors which require no user interventions (if the certificate
> has already been revoked, the action the user wanted to perform did
> fail, but everything is fine since there is no need to still revoke the
> certificate), and errors which require user intervention (if the
> certificate was not revoked, and the user has to do something to make
> sure it is really revoked, like providing the correct account key /
> private key). Without a well-defined error, a client author has to
> guess (or simply assume that every server behaves as Boulder and sends
> the same error detail).
>
> Thank you for your considerations,
> Felix
>
>
> ___
> Acme mailing list
> Acme@ietf.org
> https://www.ietf.org/mailman/listinfo/acme
>
___
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme

Re: [Acme] missing comma

2018-06-14 Thread Daniel McCarney 
Hi Felipe,

I’m not sure what the best forum is to report minor typographical issues


The draft Github repository's (https://github.com/ietf-wg-acme/acme) README
suggests the following:

If you have editorial suggestions (i.e., those that do not change the
> meaning of the specification), you can either:
> a) Fork this repository and submit a pull request; this is the lowest
> friction way to get editorial changes in.
> b) Submit a new issue to GitHub, and mention that you believe it is
> editorial in the issue body. It is not necessary to notify the mailing list
> for editorial issues.
> c) Make comments on individual commits in GitHub. Note that this feedback
> is processed only with best effort by the editors, so it should only be
> used for quick editorial suggestions or questions.


I went ahead and did option A with credit to you:
https://github.com/ietf-wg-acme/acme/pull/427

Thanks for flagging that,

- Daniel / cpu

On Thu, Jun 14, 2018 at 7:04 AM, Felipe Gasper 
wrote:

> I’m not sure what the best forum is to report minor typographical issues,
> but:
>
> 6.2:
>
>   *  "jwk" (JSON Web Key, for all requests not signed using an
>  existing account, e.g. newAccount)
>
> ^^ Everyplace else in the spec puts a comma after “e.g.”, so I would think
> there should be one here as well.
>
> -Felipe Gasper
> ___
> Acme mailing list
> Acme@ietf.org
> https://www.ietf.org/mailman/listinfo/acme
>
___
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme