Clarification on which spec to use #231

Closed
ericchiang opened this Issue Nov 9, 2015 · 2 comments


@ericchiang
Contributor

I noticed that the spec under the "Latest version" link seems to be different than the other one specified in the README (ietf-wg-acme/acme) as well as in the "guidelines for contributing." For instance, challenges have entirely different names ("simpleHttp" vs "http-01", "dvsni" vs "tls-sni-01").

I'm currently trying to implement an ACME client and was using this spec as reference until I noticed boulder was returning results contrary to this document.

Would it be possible to add a clarification to the README about why there are different versions of the spec around? This is currently the top Google result for "acme spec", and though there's already a warning, perhaps something stronger would be better if the "Latest version" link isn't up to date?

@keppler
keppler commented Nov 10, 2015

> I noticed that the spec under the "Latest version" link seems to be
> different than the other one specified in the README (ietf-wg-acme/acme
> https://github.com/ietf-wg-acme/acme) as well as in the "guidelines
> for contributing." For instance, challenges have entirely different
> names ("simpleHttp" vs "http-01", "dvsni" vs "tls-sni-01").

"simpleHttp" and "http-01" are actually different methods, not just
different names.

SimpleHttp:
https://letsencrypt.github.io/acme-spec/#rfc.section.7.1
-> returned JWS contains "type" and "tls", token is used only for
filename

http-01:
https://tools.ietf.org/html/draft-ietf-acme-acme-01#page-38
-> returned JWS contains "keyAuthorization"
(which is the token + "." + account key)

> Would it be possible to add a clarification to the README about why
> there are different versions of the spec around? This is currently the
> top Google result for "acme spec" and though there's already a warning
> perhaps something stronger would be better if the "Latest version" link
> isn't up to date?

I second that. It's really confusing for implementation.
Please also note if "simpleHttp"/"dvsni" is considered as deprecated.

Best regards

-Klaus

@jsha
Contributor
jsha commented Nov 10, 2015

Good point. "simpleHttp" and "dvsni" are in fact considered deprecated.

@jsha jsha closed this in #233 Nov 10, 2015
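
Added example, not part of the original thread and not code from boulder or the ACME spec repository: a sketch of the http-01 "keyAuthorization" value mentioned above (token + "." + account key) and of the check a validator performs on the fetched challenge body. It assumes the account key is represented by its SHA-256 JWK thumbprint (RFC 7638), as in the published ACME RFC 8555; the function names and the sample key and token are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Required JWK members per key type, as listed in RFC 7638 section 3.2.
REQUIRED_MEMBERS = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}

# Constructed sample values (not a real account key or server token).
SAMPLE_JWK = {"kty": "EC", "crv": "P-256", "x": "Zm9v", "y": "YmFy", "kid": "demo"}
SAMPLE_TOKEN = "constructed-token-0123456789"


def b64url(data: bytes) -> str:
    """Base64url without padding, as used throughout JOSE."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """SHA-256 JWK thumbprint (RFC 7638) of a public account key."""
    members = REQUIRED_MEMBERS.get(jwk.get("kty"))
    if members is None:
        raise ValueError("unsupported key type")
    # Only the required members, sorted, no whitespace: optional fields
    # such as "kid" or "alg" must not change the digest.
    canonical = json.dumps({m: jwk[m] for m in members},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, account_jwk: dict) -> str:
    """Bind a challenge token to one account key: token + "." + thumbprint."""
    return token + "." + jwk_thumbprint(account_jwk)


def check_http01_body(body: bytes, token: str, account_jwk: dict) -> bool:
    """Validator side: does the fetched body bind this token to this key?"""
    expected = key_authorization(token, account_jwk).encode("ascii")
    # RFC 8555 lets the server ignore trailing whitespace in the body;
    # the comparison itself is constant time.
    return hmac.compare_digest(body.rstrip(), expected)


if __name__ == "__main__":
    print(key_authorization(SAMPLE_TOKEN, SAMPLE_JWK))
```

Because the thumbprint is part of the served value, a body that contains only the token, or that was produced for a different account key, fails the check.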