Re: [Acme] Terms of service agreement changes

Eric Rescorla <ekr@rtfm.com> Wed, 17 August 2016 01:38 UTC

In-Reply-To: <cf5a59f2-e8f4-1324-29e7-3977db34f2a2@eff.org>
References: <627b7240-a9db-7259-6d38-1bad24f80856@eff.org> <20160807123428.GA10284@andover.lhh.devever.net> <CAL02cgQZucvbNCmiTk5Vkn1D3V7VH3F0m5NtXX9GdqznPMtgLw@mail.gmail.com> <CANUQDChYC6zF0VHZ5LcdSxjsc8t6C36hRJx_b8JUUOUVbn8huA@mail.gmail.com> <CAL02cgRHwOHGgLeZLOeEDx3K0EwtfokYkcja4adq3xw0xAj5CQ@mail.gmail.com> <02d7023e-98f6-bd87-f35d-65fb44e62098@eff.org> <20160809194229.GI8744@hex.shelbyville.oz> <801db366-377f-ea94-6b6b-7dd8e2f0c108@eff.org> <cf5a59f2-e8f4-1324-29e7-3977db34f2a2@eff.org>
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 16 Aug 2016 18:38:05 -0700
Message-ID: <CABcZeBNZMMxQ6MH_XBPDO2qHHL=MJwGTgzj68sjFNR+m7ik86A@mail.gmail.com>
To: Jacob Hoffman-Andrews <jsha@eff.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/ing0WC7T1jFxuQbLKj5ipJsjdAo>
Cc: IETF ACME <acme@ietf.org>
Subject: Re: [Acme] Terms of service agreement changes

Hmm...

  If the server provides a terms-of-service URL in the directory, the
  client MUST indicate its operator's agreement to the terms at that URL
  by including the "terms-of-service": "agreed" field in the
  new-registration body.

This text seems like an attempt to triangulate between what's the
protocol and some notion of user consent (which wasn't really present
in the original version). If I were to implement this code, I might
well just do:

  if (tos_url) {
    msg['terms-of-service'] = 'agreed';
  }

This "indicates" the operator's agreement, I suppose, but it doesn't
actually reflect having obtained it. If the semantic you want is
"client MUST ask the user" then the text should say that, but it seems
like a sensible client would probably just ask the user "shall I
always answer yes to this" at install time, so it's not clear to me
what is being bought here. In any case, this text seems like it makes
things less clear.

-Ekr



On Tue, Aug 16, 2016 at 6:25 PM, Jacob Hoffman-Andrews <jsha@eff.org> wrote:

> Any further objections to this?
>
> https://github.com/ietf-wg-acme/acme/pull/167/files
>
> On 08/09/2016 12:50 PM, Jacob Hoffman-Andrews wrote:
> > On 08/09/2016 12:42 PM, Ron wrote:
> >>>  - If the CA uses legal auto-update language (most common case by far),
> >>> nothing else is required.
> >>
> >> I think in this case we should specify that the CA MUST notify the user
> >> of this via the ACME protocol (ie. by changing the ToS URL or similar).
> >
> > I'm fine with saying that the directory's terms-of-service URL should
> > always be up-to-date with the latest ToS, *if* the CA is using ACME for
> > ToS agreement.
> >
> >
> > I suspect for most paid CAs, ToS agreement will already have been
> > handled out-of-band, for instance when submitting payment information.
> >
> > _______________________________________________
> > Acme mailing list
> > Acme@ietf.org
> > https://www.ietf.org/mailman/listinfo/acme
> >
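The two client behaviours discussed in the message, as an added example that is not code from the ACME draft, from PR 167, or from any of the participants: the blanket "agree whenever a URL is present" shortcut beside a client that only sends "terms-of-service": "agreed" for a URL the operator has explicitly accepted. The directory layout (the URL under meta["terms-of-service"]), the "contact" field in the registration body, and the sample directories and contact address are assumptions for illustration.

```python
"""Added example (not code from the ACME draft, PR 167, or the message above).

It contrasts the blanket "agree whenever a URL is present" shortcut quoted in
the message with a client that only emits "terms-of-service": "agreed" for a
ToS URL the operator has explicitly consented to. Because consent is keyed on
the exact URL, a CA that publishes a new URL for changed terms forces a fresh
decision instead of being accepted silently.

Assumptions (not taken from the page): the directory carries the URL at
meta["terms-of-service"], the registration body carries a "contact" list,
and the directory/contact values below are constructed sample data.
"""

TOS_KEY = "terms-of-service"


class ConsentRequired(Exception):
    """The directory advertises a ToS URL the operator has not agreed to."""

    def __init__(self, url):
        super().__init__(f"operator has not agreed to the terms at {url}")
        self.url = url


def tos_url(directory):
    """Return the ToS URL from the directory, or None if the CA offers none."""
    # Assumed location of the URL within the directory object.
    return (directory.get("meta") or {}).get(TOS_KEY)


def new_reg_body_blind(directory, contact):
    """The shortcut from the message: "agreed" whenever any URL is present."""
    body = {"contact": list(contact)}
    if tos_url(directory):
        body[TOS_KEY] = "agreed"
    return body


def needs_consent(directory, agreed_urls):
    """True when the advertised URL is not one the operator already agreed to."""
    url = tos_url(directory)
    return url is not None and url not in agreed_urls


def new_reg_body_with_consent(directory, contact, agreed_urls, ask_operator=None):
    """Emit "agreed" only for a URL in agreed_urls.

    agreed_urls is the client's persisted record of URLs the operator accepted.
    ask_operator(url) -> bool, if given, is how the client obtains fresh consent
    (a prompt, an approval ticket, ...). Passing lambda url: True reproduces the
    install-time "always answer yes" behaviour the message describes; omitting
    it makes a changed URL a hard failure rather than a silent agreement.
    """
    body = {"contact": list(contact)}
    url = tos_url(directory)
    if url is None:
        return body  # nothing offered, nothing to agree to
    if url not in agreed_urls:
        if ask_operator is None or not ask_operator(url):
            raise ConsentRequired(url)
        agreed_urls.add(url)  # persist the decision keyed on the exact URL
    body[TOS_KEY] = "agreed"
    return body


# Constructed sample directories: the CA rotates its ToS URL between the two.
TOS_V1 = "https://ca.example/terms-2016-01.html"
TOS_V2 = "https://ca.example/terms-2016-08.html"
DIRECTORY_V1 = {"new-reg": "https://ca.example/acme/new-reg", "meta": {TOS_KEY: TOS_V1}}
DIRECTORY_V2 = {"new-reg": "https://ca.example/acme/new-reg", "meta": {TOS_KEY: TOS_V2}}
DIRECTORY_NO_TOS = {"new-reg": "https://ca.example/acme/new-reg"}
CONTACT = ["mailto:hostmaster@example.com"]


if __name__ == "__main__":
    agreed = {TOS_V1}  # the operator read and accepted the first version
    print(new_reg_body_with_consent(DIRECTORY_V1, CONTACT, agreed))
    print(new_reg_body_blind(DIRECTORY_V2, CONTACT))  # silently agrees to v2
    try:
        new_reg_body_with_consent(DIRECTORY_V2, CONTACT, agreed)
    except ConsentRequired as e:
        print("refused:", e)
```

The design point is that the wire-level "agreed" value is the same in both paths; what differs is whether the client can produce it without a recorded decision for the specific URL the CA is advertising. Keying the record on the URL only helps if the CA actually changes the URL when the terms change, which is the point Jacob raises in the quoted thread.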