I'm strongly in favour of Jacob's suggestions in 459.
On Fri, Oct 5, 2018 at 7:17 PM Jacob Hoffman-Andrews wrote:
> Here's my proposal that removes the STAR special-casing in ACME, making
> certificate URLs behave the same way as all other fetchable resources:
>
Here's my proposal that removes the STAR special-casing in ACME, making
certificate URLs behave the same way as all other fetchable resources:
https://github.com/ietf-wg-acme/acme/pull/459.
Sticking STAR concerns into the ACME draft so late in ACME development
is only going to cause issues.
>The removed language is a non-normative statement of fact
You can't introduce a new authentication method in post-Last Call
revisions, and claim they are non-significant simply because they are
not formally normative.
> It seems like you're trying to get rid of a better option to maintain
On Fri, Oct 5, 2018 at 1:41 PM Adam Roach wrote:
> [as an individual]
>
> On 10/5/18 11:21 AM, Jacob Hoffman-Andrews wrote:
>
> In the rounds of reviews on https://github.com/ietf-wg-acme/acme/pull/445,
> I missed an addition: the suggestion to use capability URLs for access
> control on
[as an individual]
On 10/5/18 11:21 AM, Jacob Hoffman-Andrews wrote:
In the rounds of reviews on
https://github.com/ietf-wg-acme/acme/pull/445, I missed an addition:
the suggestion to use capability URLs for access control on
certificate URLs. We should definitely not introduce this into the
In the rounds of reviews on
https://github.com/ietf-wg-acme/acme/pull/445, I missed an addition: the
suggestion to use capability URLs for access control on certificate
URLs. We should definitely not introduce this into the spec: ACME has
one authentication model, based on JWS signing. We