> The usage model I think we should aim for is where chains are used
> as-is. For instance, the chain is fed straight to the HTTPS server.
> There is reasonably strong advice against sending trust anchor
> certificates over the wire, and most software simply spools out
> everything it is given.

I agree, but it's impossible to make this work for every case. Most of the time the root certificate shouldn't be served. Sometimes it absolutely must be.

> I thought that we already had this discussion and concluded that roots
> wouldn't be included. That's consistent with the above.
>
> Obviously that would leave this open to some discretion, but that's
> OK. For instance, during the period that a new CA has a
> cross-signature on their root, they might include their own anchor for
> maximum compatibility, but they might phase that out over time. But
> the CA is in a reasonable position to know when to move, and it isn't
> as though this would prevent clients from adding or removing as they
> see fit.

Not including the root certificate in the chain seems reasonable to me, so long as a means is provided to discover it. Not imposing an absolute MUST NOT prohibiting including the root certificate in the chain so as to allow CA discretion also seems reasonable. I'd argue a SHOULD NOT is warranted here, though.

As for requiring a client to enumerate the system trust store to match up certificates, this is problematic because a client may not have a portable way to enumerate the system trust store, even if it has a portable way to make HTTPS requests for the purposes of accessing the ACME API. It also creates a dependency between the system trust store and what CA issues the certificates one is acquiring, which creates another thing which can go wrong.

The use of the AIA extension in intermediates is, AFAIK, common and is used by Let's Encrypt, so this seems like a good vehicle for autodiscovery. Use of AIA could be RECOMMENDED. A Link header would also do (and is AFAIK exposed when content negotiation negotiates DER, so as this stands it's a bit inconsistent).

To summarise, I think the standard should recommend that root certificates not be included but also guarantee a viable method for discovery.

_______________________________________________
Acme mailing list
https://www.ietf.org/mailman/listinfo/acme
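As an added illustration of the two points in the message above (checking whether a served chain ends in a self-issued trust anchor, and reading the issuer URI out of an intermediate's AIA caIssuers field), this script is not from the thread or from any ACME implementation. It assumes `openssl` is on PATH and builds a throwaway test PKI whose names and URIs are all constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes openssl on PATH; the names,
# URIs and the whole test PKI below are constructed for this demo.
set -e
WORK=$(mktemp -d)

mkcert() { # mkcert NAME SUBJECT EXTFILE [ISSUER]  ->  $WORK/NAME.pem (+ .key)
  openssl req -new -newkey rsa:2048 -nodes -keyout "$WORK/$1.key" \
    -out "$WORK/$1.csr" -subj "$2" >/dev/null 2>&1
  if [ -z "$4" ]; then            # no issuer given: self-signed root
    openssl x509 -req -in "$WORK/$1.csr" -signkey "$WORK/$1.key" \
      -days 30 -extfile "$3" -out "$WORK/$1.pem" >/dev/null 2>&1
  else
    openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/$4.pem" -CAkey "$WORK/$4.key" \
      -CAcreateserial -days 30 -extfile "$3" -out "$WORK/$1.pem" >/dev/null 2>&1
  fi
}

# Constructed test PKI: root -> intermediate -> leaf. Each non-root cert carries
# an AIA caIssuers pointer to its issuer, the discovery vehicle discussed above.
printf 'basicConstraints=critical,CA:TRUE\n' > "$WORK/ca.ext"
printf 'basicConstraints=critical,CA:TRUE\nauthorityInfoAccess=caIssuers;URI:http://example.invalid/root.der\n' > "$WORK/int.ext"
printf 'basicConstraints=CA:FALSE\nauthorityInfoAccess=caIssuers;URI:http://example.invalid/int.der\n' > "$WORK/leaf.ext"
mkcert root "/CN=Example Root"         "$WORK/ca.ext"
mkcert int  "/CN=Example Intermediate" "$WORK/int.ext"  root
mkcert leaf "/CN=example.test"         "$WORK/leaf.ext" int
cat "$WORK/leaf.pem" "$WORK/int.pem" "$WORK/root.pem" > "$WORK/chain_with_root.pem"
cat "$WORK/leaf.pem" "$WORK/int.pem"                  > "$WORK/chain_without_root.pem"

count_certs() { grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true; }
nth_cert() {   # nth_cert FILE N -> prints the Nth PEM block of a chain file
  awk -v n="$2" '/-----BEGIN CERTIFICATE-----/{c++} c==n{print} /-----END CERTIFICATE-----/{if(c==n)exit}' "$1"
}
# "yes" if the last cert in the chain is self-issued (subject == issuer), i.e. a
# trust anchor that normally should not be served; "no" otherwise. A cross-signed
# root has a different issuer and is reported as "no", which is the intended reading.
chain_includes_root() {
  last=$(nth_cert "$1" "$(count_certs "$1")")
  s=$(printf '%s\n' "$last" | openssl x509 -noout -subject | sed 's/^subject=//')
  i=$(printf '%s\n' "$last" | openssl x509 -noout -issuer  | sed 's/^issuer=//')
  [ "$s" = "$i" ] && echo yes || echo no
}
# Print the caIssuers URI(s) from the AIA extension of the PEM cert on stdin.
aia_ca_issuers() { openssl x509 -noout -text | sed -n 's/.*CA Issuers - URI:\(.*\)$/\1/p'; }

echo "chain_with_root.pem includes root: $(chain_includes_root "$WORK/chain_with_root.pem")"
echo "chain_without_root.pem includes root: $(chain_includes_root "$WORK/chain_without_root.pem")"
echo "issuer of last served cert discoverable at: $(nth_cert "$WORK/chain_without_root.pem" 2 | aia_ca_issuers)"
```

A server-side lint built on `chain_includes_root` would flag a chain whose last element is the anchor, while a client that receives a chain without the root can follow the URI that `aia_ca_issuers` extracts instead of enumerating the system trust store.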
