I didn't merge, I just opened the PR so that we could have the discussion.
On Sat, Oct 6, 2018, 17:44 Salz, Rich wrote:
> The fact that there were open concerns does not mean that PR455 was wrong.
>
>
>
> Please undo the revert that was part of PR458.
>
>
>
> EVERYONE. Stop merging. Discuss on
The fact that there were open concerns does not mean that PR455 was wrong.
Please undo the revert that was part of PR458.
EVERYONE. Stop merging. Discuss on the list.
From: Richard Barnes
Date: Saturday, October 6, 2018 at 5:38 PM
To: "acme@ietf.org"
Subject: [Acme] Randomizing URLs in examp
I have opened a PR reverting Jacob's reversion of the #455
https://github.com/ietf-wg-acme/acme/pull/460
The randomization of examples is independent of whether you think GETs are
a good idea or not. As noted in the Security Considerations, having
different types of resources in different namesp
I'm not hard set against this change, I just don't see much benefit.
Allowing GETs for certificate URLs is so low-risk that we weren't going to
access-control it at all until a couple weeks ago. Now it's so high-risk
that we need to REQUIRE authentication? That's "REQUIRED" in the RFC 2119
sense
Speaking as Area Director: there is no process problem with this reference.
Of course, it's a WG decision whether it's advisable.
-Ekr
On Sat, Oct 6, 2018 at 8:31 AM Salz, Rich wrote:
> In order to address an issue raised during IESG review, unauthenticated
> GET for ACME server resources was
In order to address an issue raised during IESG review, unauthenticated GET for
ACME server resources was changed to a simple POST that had a signed message
body, providing authentication. Some raised the issue that they still wanted
GET for certificates, as they’re public information and that s
We are having a tussle over a change to the draft.
The current text describes something that an ACME server *can* do; the proposed
change, below, removes that text.
The text was added to address an IESG DISCUSS. It takes no position on whether
or not this should be done – no IETF keyword. Remov