[Acme] The path to the "directory" resource should not be "/" and should be specified in draft-ietf-acme-acme-01

Albert ARIBAUD <albert.aribaud@gmail.com> Fri, 08 January 2016 19:50 UTC

Date: Fri, 08 Jan 2016 20:49:56 +0100
From: Albert ARIBAUD <albert.aribaud@gmail.com>
To: acme@ietf.org
Message-ID: <20160108204956.4930f429@lilith>
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/LuqFKIYFU3CgMkfOJIFmLCEsRJE>
List-Id: Automated Certificate Management Environment <acme.ietf.org>

Hello all (and a happy New Year),

I am looking at draft-ietf-acme-acme-01 as available on GitHub right
now, more precisely at section 6.2 and the "directory" resource which
would allow a client to find out the URIs for other resources.

Since "directory" is there to help find URIs for resources, it must
itself be at a known URI.

draft-ietf-acme-acme-01 states:

	In order to help clients configure themselves with the right
	URIs for each ACME operation, ACME servers provide a directory
	object. This should be the root URL with which clients are
	configured.

The question is, what exactly is the "root URL"? At first thought it
would be the "/" path on the server.

But for "/", https://acme-v01.api.letsencrypt.org returns an HTML page
which, among other human-targeted information, mentions that the ACME
directory is at "/directory". Which makes acme-v01.api.letsencrypt.org
non-compliant with draft-ietf-acme-acme-01.

Keeping "/" as a browser-renderable "front page" for a server makes
sense, so my opinion is that placing the directory at a pre-decided,
non-root URL would be a sensible choice and draft-ietf-acme-acme-01
should specify the path where ACME clients would find the ACME
directory (and "/acme" might be a possible candidate IMO).

Or did I get the whole thing wrong?

Kind regards,
-- 
Albert.
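
The check below is an added example, not part of the original message or of the draft: a client-side validation that the configured URL really returns a directory object, so that an HTML front page served at "/" is rejected instead of being treated as a directory. The resource names, the `application/json` content type, and the host `ca.example` are assumptions made for the illustration.

```python
import json
from urllib.parse import urlsplit

# Assumed resource names (from the draft's directory example, not from the message).
ASSUMED_RESOURCES = ("new-reg", "new-authz", "new-cert", "revoke-cert")


class DirectoryError(ValueError):
    """The configured URL did not yield a usable ACME directory object."""


def parse_directory(configured_url, content_type, body):
    """Validate one HTTP response and return {resource name: URI}."""
    if urlsplit(configured_url).scheme != "https":
        raise DirectoryError("directory URL must use https")
    media_type = content_type.split(";", 1)[0].strip().lower()
    if media_type != "application/json":
        # The "/" case from the message: an HTML front page, not a directory.
        raise DirectoryError(f"expected a JSON directory, got {media_type or 'no type'}")
    try:
        doc = json.loads(body)
    except ValueError as exc:
        raise DirectoryError("body is not valid JSON") from exc
    if not isinstance(doc, dict):
        raise DirectoryError("directory must be a JSON object")
    directory = {}
    for name in ASSUMED_RESOURCES:
        uri = doc.get(name)
        if not isinstance(uri, str):
            raise DirectoryError(f"missing resource {name!r}")
        target = urlsplit(uri)
        if target.scheme != "https" or not target.netloc:
            raise DirectoryError(f"{name!r} is not an absolute https URI")
        directory[name] = uri
    return directory


# Constructed sample responses as (Content-Type, body); not captured from a real server.
FRONT_PAGE = ("text/html; charset=utf-8",
              "<html><body>The ACME directory is at /directory</body></html>")
DIRECTORY = ("application/json",
             json.dumps({n: f"https://ca.example/acme/{n}" for n in ASSUMED_RESOURCES}))

if __name__ == "__main__":
    for url, response in (("https://ca.example/", FRONT_PAGE),
                          ("https://ca.example/directory", DIRECTORY)):
        try:
            print(url, "->", sorted(parse_directory(url, *response)))
        except DirectoryError as err:
            print(url, "-> rejected:", err)
```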