Re: [Acme] Spec change to allow retrieval of Terms of Service URL
Matthew Holt <matthew.holt@gmail.com> Tue, 29 December 2015 00:27 UTC
Return-Path: <matthew.holt@gmail.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 52EBA1ACE25 for <acme@ietfa.amsl.com>; Mon, 28 Dec 2015 16:27:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.701
X-Spam-Level:
X-Spam-Status: No, score=0.701 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dwliX-psBrbF for <acme@ietfa.amsl.com>; Mon, 28 Dec 2015 16:27:02 -0800 (PST)
Received: from mail-yk0-x22c.google.com (mail-yk0-x22c.google.com [IPv6:2607:f8b0:4002:c07::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9F22A1ACE27 for <acme@ietf.org>; Mon, 28 Dec 2015 16:27:02 -0800 (PST)
Received: by mail-yk0-x22c.google.com with SMTP id k129so94834145yke.0 for <acme@ietf.org>; Mon, 28 Dec 2015 16:27:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-type; bh=AxSxyp5Tzf/f0zCOZsQmP20lRCCxnkK9qsh/A9WL5oY=; b=aolm/iGQX6H6hZxC4dch+XrKaQewHk9dvjLdiLDkuIXwOKD8nMmTyoT8+NAeRyD6+Q uexKZ7fwJ7N9//5dS4A//ws4GE7Qq45VuJadglfotG6TbLPB2TzfF11pLLFPT42Op/s2 zIRTEd+WjKhocW66oqVXTEnySw79yE+mcNYr6tnagUVf9ltdKCyCb2CpVseQDnI9u+kr kyWleb/DsE489ndQmDhidLDPO8QQBIzCOnor3g/wDAWQuq1+cp5nFxFbV2BCunBxRl/x j0ibKGcW48+33ga4kZ2LCozdnq+uUVCBTOnXoY9sOpNMo5FjPI8Dut+2UE0vp/4MTGpA xqyw==
X-Received: by 10.13.246.130 with SMTP id g124mr42449273ywf.29.1451348821707; Mon, 28 Dec 2015 16:27:01 -0800 (PST)
MIME-Version: 1.0
References: <CAPWFDXWx-STKyM-wUvg78onZyh7vROxXm0_8g2+6n79v9Qc+cQ@mail.gmail.com> <87mvuknf8u.fsf@alice.fifthhorseman.net> <CAPWFDXU9n2LZg9-i2+3ehXw+W-7YU8nDbucxdoHkxFcz2F+thg@mail.gmail.com> <876116op8s.fsf@alice.fifthhorseman.net> <CAL02cgS2gdDgobeZA+1SaHsF+gW64E2EfTMQWS0sVNqzPK-z8A@mail.gmail.com>
In-Reply-To: <CAL02cgS2gdDgobeZA+1SaHsF+gW64E2EfTMQWS0sVNqzPK-z8A@mail.gmail.com>
From: Matthew Holt <matthew.holt@gmail.com>
Date: Tue, 29 Dec 2015 00:26:52 +0000
Message-ID: <CAPWFDXVGcwW3vtRZPxWGXVcBAWJ=LLCkAgqddyrwz2-sasVRiw@mail.gmail.com>
To: Richard Barnes <rlb@ipv.sx>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Content-Type: multipart/alternative; boundary="94eb2c030e20f692a50527fe7a86"
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/QVGkXJ2f_uY0YwGQOW_to1naCgw>
Cc: "acme@ietf.org" <acme@ietf.org>
Subject: Re: [Acme] Spec change to allow retrieval of Terms of Service URL
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Dec 2015 00:27:05 -0000
That'll work - I like the idea of the meta field. No new operations seem necessary if that is present. On Mon, Dec 28, 2015 at 3:28 PM Richard Barnes <rlb@ipv.sx> wrote: > On Thu, Nov 12, 2015 at 4:57 PM, Daniel Kahn Gillmor < > dkg@fifthhorseman.net> wrote: > >> On Thu 2015-11-12 10:30:44 -0500, Matthew Holt wrote: >> > If the client leaves it up to the user to follow the link, then the >> format >> > shouldn't matter in terms of the ACME spec; it is up to the document >> > renderer (browser) to do so safely and correctly. >> >> if the spec has any implications that the user is agreeing to something >> by proceeding with the process, then the spec needs to be really clear >> what it means. If a document is unreadable by a user with (for example) >> a browser that declines to execute javascript, or a browser cannot >> access third-party resources, then the spec is encouraging both parties >> (subscribers and CAs) to lie to each other. >> >> > If the client were to actually download and show the document to the >> user, >> > then yes, plain text would be much better. Most terminal-based clients >> will >> > probably not want to show the full legal terms in the terminal window, >> but >> > would prefer a link. Simpler, less screen space required, accomplishes >> same >> > goal. >> >> They don't appear to accomplish the same goal to me. Maybe we need to >> spell out what the goal is more explicitly? >> >> >> b) That the resource fetched from that URL will never change. I don't >> >> want to retrieve the URL at time T, display it to the user, and >> then >> >> have the user continue the process at time T+2 when the document >> >> changed at time T+1. >> > >> > That's the idea. The URL to that version of the document should never >> > change (ideally, but I suppose that is up to the CAs), but if it does, >> it >> > means there is a new document, i.e. updated terms, the user must agree >> to. >> > So the URL would be assumed to be a key or token value representing the >> > actual legal text; if it changes, the user should be re-prompted. >> >> If the intent is to be able to update the terms of service in >> continuance of the subscriber relationship, then the immutability of the >> provided statement needs to be much more carefully spelled out. >> >> Terms of Service, notice, and consent are complex problems with effects >> going all the way up the stack to layer 9. If ACME proposes to treat >> them as in-scope for the specification, we need to be careful and >> explicit about how they're being tied in. >> >> I know "the IETF does not do UI", but we need to describe at least the >> semantics of tasks that the UI needs to perform on behalf of the >> subscriber (or, possibly, of the CA) if we expect this additional field >> to be a meaningful part of the protocol. >> > > ISTM that what we need to do here is provide tools that will be configured > by layer 9 :) > > There are a few basic operations to facilitate: > 1. Enable the client to present the TOS to the user > 2. Enable the client to indicate the user's agreement with the TOS > 3. Enable the client to detect when the TOS changes > 4. Enable the server to indicate when the client needs to re-agree > > For (1) and (3), having a URI for the terms seems sufficient, without > further constraints. It's up to the CA to figure out how to present the > terms in a way that clients can handle, and up to clients to figure out how > to handle a reasonable array of stuff. (I expect in most cases it will get > punted to a browser anyway.) > > For (2), we have the "agreement" field in the registration POST. > > I think (4) is adequately addressed by the text added in #52 ( > https://github.com/ietf-wg-acme/acme/pull/52). > > So I'm not seeing a whole lot of need for new mechanism here. > > --Richard > > > > >> >> --dkg >> > >> >> _______________________________________________ >> Acme mailing list >> Acme@ietf.org >> https://www.ietf.org/mailman/listinfo/acme >> >
- [Acme] Spec change to allow retrieval of Terms of… Matthew Holt
- Re: [Acme] Spec change to allow retrieval of Term… Daniel Kahn Gillmor
- Re: [Acme] Spec change to allow retrieval of Term… Yoav Nir
- Re: [Acme] Spec change to allow retrieval of Term… Matthew Holt
- Re: [Acme] Spec change to allow retrieval of Term… Daniel Kahn Gillmor
- Re: [Acme] Spec change to allow retrieval of Term… Matthew Holt
- Re: [Acme] Spec change to allow retrieval of Term… Richard Barnes
- Re: [Acme] Spec change to allow retrieval of Term… Richard Barnes
- Re: [Acme] Spec change to allow retrieval of Term… Matthew Holt