[Acme] Spec change to allow retrieval of Terms of Service URL

Matthew Holt <matthew.holt@gmail.com> Fri, 06 November 2015 19:03 UTC

From: Matthew Holt <matthew.holt@gmail.com>
Date: Fri, 06 Nov 2015 19:03:35 +0000
Message-ID: <CAPWFDXWx-STKyM-wUvg78onZyh7vROxXm0_8g2+6n79v9Qc+cQ@mail.gmail.com>
To: acme@ietf.org
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/N4ujtRye-mA1qrIVie8QsLfvoyU>
X-Mailman-Approved-At: Sun, 08 Nov 2015 02:05:11 -0800
Subject: [Acme] Spec change to allow retrieval of Terms of Service URL

I'd like to propose a change that allows clients of the ACME protocol to
obtain the URL to the CA's current Terms of Service (if any) without
re-registering or trying to obtain a certificate and getting a failure
response.

This proposal has two parts: adding an entry to the directory, and adding
the current ToS URL to response headers.

Section 6.2 explains the directory, and adding an entry to the directory
seems logical:

{
  "new-reg": "https://example.com/acme/new-reg",
  "recover-reg": "https://example.com/acme/recover-reg",
  "new-authz": "https://example.com/acme/new-authz",
  "new-cert": "https://example.com/acme/new-cert",
  "revoke-cert": "https://example.com/acme/revoke-cert",
  "agreement-url": "https://example.com/acme/subscriber-agreement-v01.pdf"
}

Additionally, including the current ToS in response headers of a failed
request will allow clients to show the current terms and re-prompt the user
immediately, if available. Something like this:

Agreement-URL: https://example.com/acme/subscriber-agreement-v01.pdf

Both of these could be optional (as the CA sees fit), but it makes it
possible for clients to offer a better user experience.

Thanks,
Matt Holt
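The client-side handling that the two proposed mechanisms make possible, as an added example written for this page (it is not Matt's code and not any ACME implementation's). The directory entry name "agreement-url", the "Agreement-URL" response header, the directory contents, the fake CA and its error body are all assumptions taken from the sketch in the message or constructed here so that the example runs offline:

```python
"""
Added example (not part of the post or any ACME implementation): client-side
handling of the two mechanisms proposed above. Field and header names
("agreement-url" in the directory, "Agreement-URL" on a failed response),
the CA directory contents and the fake CA are all assumptions constructed
for this example so that it runs offline.
"""
import json
from typing import Callable, Dict, Optional, Tuple
from urllib.parse import urlsplit

# Constructed directory document in the shape the proposal sketches.
DIRECTORY = {
    "new-reg": "https://example.com/acme/new-reg",
    "recover-reg": "https://example.com/acme/recover-reg",
    "new-authz": "https://example.com/acme/new-authz",
    "new-cert": "https://example.com/acme/new-cert",
    "revoke-cert": "https://example.com/acme/revoke-cert",
    "agreement-url": "https://example.com/acme/subscriber-agreement-v02.pdf",
}

Response = Tuple[int, Dict[str, str], str]  # (status, headers, body)


def checked_tos_url(url: str) -> str:
    """Accept only an absolute https URL: the client shows this link to a
    human and records it as the agreed terms, so an http or relative URL
    handed out by a CA is rejected instead of being displayed silently."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError(f"refusing non-https terms URL: {url!r}")
    return url


def tos_url_from_directory(directory_json: str) -> Optional[str]:
    """Part 1 of the proposal: read the current ToS URL from the directory.
    Returns None when the CA publishes no terms (the entry is optional)."""
    url = json.loads(directory_json).get("agreement-url")
    return None if url is None else checked_tos_url(url)


def tos_url_from_headers(headers: Dict[str, str]) -> Optional[str]:
    """Part 2 of the proposal: read the ToS URL from a failed response.
    HTTP header names are case-insensitive, so normalise before lookup."""
    lowered = {k.lower(): v for k, v in headers.items()}
    url = lowered.get("agreement-url")
    return None if url is None else checked_tos_url(url)


def terms_changed(registration: Dict[str, str], directory_json: str) -> bool:
    """Decide, from the directory alone, whether the user must be re-prompted,
    i.e. without re-registering or provoking a failed new-cert request."""
    current = tos_url_from_directory(directory_json)
    return current is not None and registration.get("agreement") != current


class FakeCA:
    """Constructed stand-in for a CA implementing both parts of the proposal."""

    def __init__(self, directory: Dict[str, str]) -> None:
        self.directory = directory

    def get_directory(self) -> Response:
        return 200, {"Content-Type": "application/json"}, json.dumps(self.directory)

    def new_cert(self, registration: Dict[str, str]) -> Response:
        current = self.directory["agreement-url"]
        if registration.get("agreement") != current:
            # Assumed problem document; the proposed header is what matters here.
            problem = {"type": "urn:acme:error:unauthorized",
                       "detail": "must agree to the current terms of service"}
            return 403, {"Agreement-URL": current,
                         "Content-Type": "application/problem+json"}, json.dumps(problem)
        return 201, {"Content-Type": "application/pkix-cert"}, "<DER certificate bytes>"


def obtain_certificate(ca: FakeCA, registration: Dict[str, str],
                       ask_user: Callable[[str], bool]) -> Response:
    """Request a certificate; on a terms-of-service failure, show the user the
    URL the CA sent and retry only if they explicitly accept. Never auto-agree."""
    status, headers, body = ca.new_cert(registration)
    if status != 403:
        return status, headers, body
    url = tos_url_from_headers(headers)
    if url is None:
        return status, headers, body  # some other failure; surface it unchanged
    if not ask_user(url):
        raise PermissionError(f"user declined the terms at {url}")
    # A real client would send the accepted URL to the CA as a registration update.
    registration["agreement"] = url
    return ca.new_cert(registration)


if __name__ == "__main__":
    ca = FakeCA(DIRECTORY)
    reg = {"agreement": "https://example.com/acme/subscriber-agreement-v01.pdf"}
    print("terms changed:", terms_changed(reg, ca.get_directory()[2]))
    status, _, _ = obtain_certificate(ca, reg, ask_user=lambda url: True)
    print("certificate request status:", status)
```

Two points a client author would want to keep from this: the URL the CA presents is compared against the agreement stored in the client's own registration rather than trusted blindly, and a changed URL always goes back to a human instead of being auto-accepted. Restricting the terms link to https is this example's own choice, not something the proposal requires.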