Hi,

another PR that slightly changes meaning (SHOULD NOT -> MUST NOT): https://github.com/ietf-wg-acme/acme/pull/407

Section "Request Authentication" says: "Servers MUST NOT respond to GET requests for resources that might be considered sensitive. Account resources are the only sensitive resources defined in this specification."

I agree with the "MUST NOT" here, as the account contains e.g. my contact data. Therefore section "Account Information" should also say "MUST NOT": "Servers MUST NOT respond to GET requests for account resources..."

Cheers
Joern Heissler
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
