Re: [Acme] Spec change to allow retrieval of Terms of Service URL
Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 12 November 2015 02:06 UTC
Return-Path: <dkg@fifthhorseman.net>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C1A621A03F9 for <acme@ietfa.amsl.com>; Wed, 11 Nov 2015 18:06:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s58ql2TfciLV for <acme@ietfa.amsl.com>; Wed, 11 Nov 2015 18:06:38 -0800 (PST)
Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) by ietfa.amsl.com (Postfix) with ESMTP id 5D1BE1A0423 for <acme@ietf.org>; Wed, 11 Nov 2015 18:06:38 -0800 (PST)
Received: from fifthhorseman.net (unknown [38.109.115.130]) by che.mayfirst.org (Postfix) with ESMTPSA id 85D8EF984; Wed, 11 Nov 2015 21:06:37 -0500 (EST)
Received: by fifthhorseman.net (Postfix, from userid 1000) id 882731FFB7; Wed, 11 Nov 2015 21:06:09 -0500 (EST)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Matthew Holt <matthew.holt@gmail.com>, acme@ietf.org
In-Reply-To: <CAPWFDXWx-STKyM-wUvg78onZyh7vROxXm0_8g2+6n79v9Qc+cQ@mail.gmail.com>
References: <CAPWFDXWx-STKyM-wUvg78onZyh7vROxXm0_8g2+6n79v9Qc+cQ@mail.gmail.com>
User-Agent: Notmuch/0.20.2 (http://notmuchmail.org) Emacs/24.5.1 (x86_64-pc-linux-gnu)
Date: Wed, 11 Nov 2015 21:06:09 -0500
Message-ID: <87mvuknf8u.fsf@alice.fifthhorseman.net>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/S00Do6HIaSHQTZSXwZI_9-lp_04>
Subject: Re: [Acme] Spec change to allow retrieval of Terms of Service URL
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Nov 2015 02:06:39 -0000
On Fri 2015-11-06 14:03:35 -0500, Matthew Holt wrote:
> I'd like to propose a change that allows clients of the ACME protocol to
> obtain the URL to the CA's current Terms of Service (if any) without
> re-registering or trying to obtain a certificate and getting a failure
> response.
>
> This proposal has two parts: adding an entry to the directory, and adding
> the current ToS URL to response headers.
>
> Section 6.2 explains the directory, and adding an entry to the directory
> seems logical:
>
> {
> "new-reg": "https://example.com/acme/new-reg",
> "recover-reg": "https://example.com/acme/recover-reg",
> "new-authz": "https://example.com/acme/new-authz",
> "new-cert": "https://example.com/acme/new-cert",
> "revoke-cert": "https://example.com/acme/revoke-cert",
> * "agreement-url": "https://example.com/acme/subscriber-agreement-v01.pdf
> <https://example.com/acme/subscriber-agreement-v01.pdf>",*
> }
>
> Additionally, including the current ToS in response headers of a failed
> request will allow clients to show the current terms and re-prompt the user
> immediately, if available. Something like this:
>
> *Agreement-URL: https://example.com/acme/subscriber-agreement-v01.pdf
> <https://example.com/acme/subscriber-agreement-v01.pdf>*
>
> Both of these could be optional (as the CA sees fit), but it makes it
> possible for clients to offer a better user experience.
Doesn't this depend on the nature of the data fetched at the given URL?
I'd hope that any inclusion of some mechanism like this would be tightly
constrained with guidance that makes the data both self-contained and
immutable. Something like:
a) all the necessary data to understand the subscriber agreement is
available from that specific URL, without requiring any additional
resource fetches, arbitrary code execution, etc. I shouldn't need
to pull in external stylesheets or images, to run javascript,
receive or send cookies, etc. in order to be able to render the
document to the user. You've used .pdf in your example above: there
are now PDFs that violate all these assumptions. Maybe we could
limit to text/plain; charset=UTF-8, or (if PDF is needed) to PDF/A
or some similar archival-quality subset of PDF?
b) That the resource fetched from that URL will never change. I don't
want to retrieve the URL at time T, display it to the user, and then
have the user continue the process at time T+2 when the document
changed at time T+1.
--dkg
- [Acme] Spec change to allow retrieval of Terms of… Matthew Holt
- Re: [Acme] Spec change to allow retrieval of Term… Daniel Kahn Gillmor
- Re: [Acme] Spec change to allow retrieval of Term… Yoav Nir
- Re: [Acme] Spec change to allow retrieval of Term… Matthew Holt
- Re: [Acme] Spec change to allow retrieval of Term… Daniel Kahn Gillmor
- Re: [Acme] Spec change to allow retrieval of Term… Matthew Holt
- Re: [Acme] Spec change to allow retrieval of Term… Richard Barnes
- Re: [Acme] Spec change to allow retrieval of Term… Richard Barnes
- Re: [Acme] Spec change to allow retrieval of Term… Matthew Holt