[Acme] Own error type for missing agreement

Richard Körber <acme@ml.shredzone.de> Tue, 22 December 2015 22:26 UTC

Return-Path: <acme@ml.shredzone.de>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id 281CF1A9166 for <acme@ietfa.amsl.com>; Tue, 22 Dec 2015 14:26:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.099
X-Spam-Level: *
X-Spam-Status: No, score=1.099 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, MIME_8BIT_HEADER=0.3, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id 5EL3sSdwTfxE for <acme@ietfa.amsl.com>; Tue, 22 Dec 2015 14:26:11 -0800 (PST)
Received: from arrietty.shredzone.net (arrietty.shredzone.net []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6F16F1A9163 for <acme@ietf.org>; Tue, 22 Dec 2015 14:26:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=shredzone.net; s=dkim_1; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Date:Message-ID:Subject:From:To; bh=kSlnhJN05OJ6JnLOgKcsMDmU+WTFfCsPuBMgNG270vU=; b=W87iPI5LSY5MYU+hStW+NlSFgzb/N671ha2kKvrN2sgAb3u9Z45ojAJY4Xacs3azxBmzw4XmwJhUSO82sm4Rh7gRc3QRGXRf9SPDihXcZob1xlN4QmIssAFWmRfuR5N70127q8ySCITXlA6wc3yAna6eCtOpTVQji+b3HVoO154=;
Received: from static-87-79-75-184.netcologne.de ([] helo=ronja.home) by arrietty.shredzone.net with esmtpsa (UNKNOWN:AES128-SHA:128) (Exim 4.72) (envelope-from <acme@ml.shredzone.de>) id 1aBVNh-0001xb-0d for acme@ietf.org; Tue, 22 Dec 2015 23:26:09 +0100
To: acme@ietf.org
From: =?UTF-8?Q?Richard_K=c3=b6rber?= <acme@ml.shredzone.de>
Message-ID: <5679CE00.3000604@ml.shredzone.de>
Date: Tue, 22 Dec 2015 23:26:08 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-15
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/o8jUizy0cfqQUP_vVVM19d7CMiM>
Subject: [Acme] Own error type for missing agreement
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Dec 2015 22:28:48 -0000


There should be an own error type if the server requires the client to agree
to the (latest) Terms of Service.

Rationale: Currently, when an account needs to accept the Terms of Service,
the server responds with this error:

{"type":"urn:acme:error:unauthorized","detail":"Must agree to subscriber
agreement before any further actions","status":403}

The client is then supposed to present the agreement document to the user and
ask for confirmation.

However, a software could only detect this case by parsing the human readable
"detail" string, which will break if the error detail message should change.

There should be an own error type, e.g. "urn:acme:error:noagreement", so a
client is able to distinguish this special case from other "unauthorized"
cases. Unlike the other "unauthorized" errors, the requirement to accept the
Terms of Service is an error that the user is able to fix himself immediately,
just by updating his account.