Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Account Key Rollover RFC 8555 § 7.3.5 #209

Closed
hbellur opened this issue Mar 16, 2020 · 4 comments · Fixed by #276
Closed

Account Key Rollover RFC 8555 § 7.3.5 #209

hbellur opened this issue Mar 16, 2020 · 4 comments · Fixed by #276
Assignees
@dcow
Labels
area/acme ACME bug
Milestone
v0.15.0

Comments

@hbellur
Copy link

hbellur commented Mar 16, 2020

Subject of the issue

Describe your issue here.

Directory object returns key change URL. But server returns 404 when attempting to perform key rollover

Your environment

  • OS - Linux (Ubuntu)
  • Version - 16.04.6 LTS (Xenial Xerus)
@dopey
Copy link
Contributor

dopey commented Apr 15, 2020

Yep, that's fair. We can remove that.

@dopey dopey added the bug label Apr 15, 2020
@dopey dopey added this to the Short Term Backlog milestone Apr 15, 2020
@dopey dopey added the area/acme ACME label Apr 15, 2020
@dopey dopey modified the milestones: Short Term Backlog, v0.15.0 Apr 27, 2020
@dcow
Copy link
Contributor

dcow commented May 1, 2020

@dopey where does it say that https://tools.ietf.org/html/rfc8555#section-7.3.5 is optional?

@dopey
Copy link
Contributor

dopey commented May 1, 2020

@dcow we don't support it through the ACME api. So we shouldn't be returning it as part of the directory response. Not a question of whether it's optional.

@dcow
Copy link
Contributor

dcow commented May 1, 2020
edited

Is that conventional (I don't have tons of experience with ACME clients)? If we remove the key change url do clients know how to proceed? Or will we just get a new issue opened up with whatever error message someone sees when they try to do a key change but the url is not in the directory? Do we have an issue tracking support for § 7.3.5? I agree it's probably better not to list the path if we know we'll just 404 on it if that's our only option. But I wonder, is there perhaps an alternate http status code like "501 not implemented" we could return that more directly informs clients about what's happening?

@dcow dcow changed the title Account Key Rollover RFC 8555 - sec 7.3.5 Account Key Rollover RFC 8555 - § 7.3.5 May 1, 2020
@dcow dcow changed the title Account Key Rollover RFC 8555 - § 7.3.5 Account Key Rollover RFC 8555 § 7.3.5 May 1, 2020
@dcow dcow mentioned this issue May 26, 2020
Merged
@dcow dcow closed this as completed in b26e6e4 May 29, 2020
@dcow dcow closed this as completed in #276 May 29, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dcow dcow

Labels
area/acme ACME bug
Projects
None yet
Milestone
v0.15.0
Development

Successfully merging a pull request may close this issue.

acme: Return 501 for the key-change route smallstep/certificates
3 participants
@dcow @dopey @hbellur