We are having a tussle over a change to the draft. The current text describes something that an ACME server *can* do; the proposed change, below, removes that text.
The text was added to address an IESG DISCUSS. It takes no position on whether or not this should be done – no IETF keyword. Removing the text changes nothing. An argument for removal is that the added text could be a misleading change in emphasis of the security model. If you have anything else to add, please post it now. diff --git a/draft-ietf-acme-acme.md b/draft-ietf-acme-acme.md index 26eeeef..d90e6e7 100644 --- a/draft-ietf-acme-acme.md +++ b/draft-ietf-acme-acme.md @@ -467,10 +467,7 @@ The server MAY allow GET requests for certificate resources in order to allow certificates to be fetched by a lower-privileged process, e.g., the web server that will use the referenced certificate chain. (See {{?I-D.ietf-acme-star}} for more advanced -cases.) A server that allows GET requests for certificate resources -can still provide a degree of access control by assigning them -capability URLs {{?W3C.WD-capability-urls-20140218}}. -As above, if the server does not allow GET requests for a given +cases.) As above, if the server does not allow GET requests for a given resource, it MUST return an error with status code 405 "Method Not Allowed" and type "malformed".
_______________________________________________ Acme mailing list Acme@ietf.org https://www.ietf.org/mailman/listinfo/acme