Re: [Acme] ACME breaking change: Most GETs become POSTs

Richard Barnes <rlb@ipv.sx> Fri, 31 August 2018 14:25 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/rSFW6tgo67Kewkxh7KbZViXm7do>

The problem with using POST-as-GET for certificate resources, as Felipe I
think pointed out, is that the thing that downloads the certificate URL is
often not an ACME player, doesn't have an account, etc.  It's a web server
or something.  (cf. the STAR drafts.)  What I'm saying is that it's painful
to make them integrate with ACME and we don't get any benefit.

On Fri, Aug 31, 2018 at 10:20 AM Salz, Rich <rsalz@akamai.com> wrote:

>
>    - If a server is concerned about the privacy of certificate
>    resources, then they SHOULD assign them capability URLs.
>
>
>
> Not a fan of capability URLs; does get/post handle things well enough?
>
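
An added example, not part of the original message or of the ACME draft: one way a CA could serve certificate resources at capability URLs, so that a downloader with no ACME account (a web server, say) can fetch them with a plain GET. `CertStore`, `BASE` and the `ca.example` host are hypothetical names chosen for illustration.

```python
import hashlib
import secrets

BASE = "https://ca.example/acme/cert/"  # hypothetical CA URL prefix


class CertStore:
    """Serves certificates at unguessable URLs; the URL itself is the credential."""

    def __init__(self):
        # sha256(token) -> PEM. Raw tokens are never stored, so a leaked
        # table does not reveal working certificate URLs.
        self._by_digest = {}

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8", "replace")).hexdigest()

    def publish(self, pem):
        """Assign a new certificate a capability URL and return it."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._by_digest[self._digest(token)] = pem
        return BASE + token

    def get(self, url):
        """Plain GET handler: no account key, no JWS, only possession of the URL."""
        if not url.startswith(BASE):
            return 404, None
        pem = self._by_digest.get(self._digest(url[len(BASE):]))
        return (200, pem) if pem is not None else (404, None)


def demo():
    """A downloader with no ACME account fetches by URL; a guessed URL fails."""
    store = CertStore()
    pem = "-----BEGIN CERTIFICATE-----\n(constructed sample)\n-----END CERTIFICATE-----\n"
    url = store.publish(pem)
    fetched = store.get(url)          # the web server's unauthenticated GET
    guessed = store.get(BASE + "1")   # enumeration-style guess
    return url, fetched, guessed


if __name__ == "__main__":
    url, fetched, guessed = demo()
    print(url, fetched[0], guessed[0])
```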