We are having a tussle over a change to the draft.

The current text describes something that an ACME server *can* do; the proposed 
change, below, removes that text.

The text was added to address an IESG DISCUSS. It takes no position on whether 
or not this should be done – no IETF keyword. Removing the text changes 
nothing. An argument for removal is that the added text could be a misleading 
change in emphasis of the security model.

If you have anything else to add, please post it now.

diff --git a/draft-ietf-acme-acme.md b/draft-ietf-acme-acme.md
index 26eeeef..d90e6e7 100644
--- a/draft-ietf-acme-acme.md
+++ b/draft-ietf-acme-acme.md
@@ -467,10 +467,7 @@ The server MAY allow GET requests for certificate 
resources in
order to allow certificates to be fetched by a lower-privileged
process, e.g., the web server that will use the referenced
certificate chain.  (See {{?I-D.ietf-acme-star}} for more advanced
-cases.)  A server that allows GET requests for certificate resources
-can still provide a degree of access control by assigning them
-capability URLs {{?W3C.WD-capability-urls-20140218}}.
-As above, if the server does not allow GET requests for a given
+cases.) As above, if the server does not allow GET requests for a given
resource, it MUST return an error with status code 405 "Method Not
Allowed" and type "malformed".
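
Review bot: Deleting the capability-URL sentence on the three "-" lines leaves this paragraph saying that the server MAY allow GET on certificate resources without saying anything about how access to such a resource is bounded. The removed sentence carried no normative keyword, so if the concern is a misleading change of emphasis, consider rewording it or moving it to the security considerations rather than dropping it, so that a reader who enables GET for a lower-privileged process still sees that the URL itself then acts as the access token. Style: the joined line "+cases.) As above, ..." has one space after the closing parenthesis, while the surrounding lines ("certificate chain.  (See") use two after a sentence end.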

_______________________________________________
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme
