I am currently implementing ACME-compatible software and working my way
through the latest draft version 16 (draft-ietf-acme-acme-16). I have noticed
that with version 16 of the draft, you have randomized the URLs that are used
in the examples and moved certain challenge related functionality from
/acme/authz/ to a dedicated /acme/chall/ path.
I think I have spotted an inconsistency related to that change while studying
how a client responds to the server to acknowledge that a challenge can be
validated.
In section 8.3. HTTP Challenge, the destination URL in the provided example was
changed from "/acme/authz/1234/0" to "/acme/authz/PAniVnsZcis/0" whereas in
section 8.4. DNS Challenge, the destination URL in the provided example was
changed from "/acme/authz/1234/2" to "/acme/chall/Rg5dV14Gh1Q".
I guess that line 32 on page 60 should be:
POST /acme/chall/prV_B7yEyA4
instead of:
POST /acme/authz/PAniVnsZcis/0
This is also defined in section 7.5.1. Responding to Challenges where the
draft clearly says "[...] carried in a POST request to the challenge URL (not
authorization URL)." Otherwise there are now two ways of acknowledging that a
challenge can be validated and it is not clear which one can be used with which
challenge type.
I may be completely wrong on this and the behavior is intended the way it is
described in the current draft. However, I was just wondering whether this is a
mistake or actually correct.
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
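The point raised above from section 7.5.1 (the response is POSTed to the challenge URL, not the authorization URL), as an added Python example that is not code from the draft or from the poster's implementation: it takes the POST target from the selected challenge object inside a constructed authorization object and builds the key authorization from the account key's RFC 7638 JWK thumbprint. The server paths, tokens and JWK values are constructed placeholders.

```python
import base64
import hashlib
import json

# Constructed authorization object in the style of draft-ietf-acme-acme-16.
# All paths and tokens are placeholders, not values from a real server.
AUTHZ_URL = "https://example.com/acme/authz/PAniVnsZcis"
AUTHZ = {
    "status": "pending",
    "identifier": {"type": "dns", "value": "www.example.org"},
    "challenges": [
        {"type": "http-01", "url": "https://example.com/acme/chall/prV_B7yEyA4",
         "token": "DGyRejmCefe7v4NfDGDKfA"},
        {"type": "dns-01", "url": "https://example.com/acme/chall/Rg5dV14Gh1Q",
         "token": "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"},
    ],
}

# Constructed public account key as a JWK (sample coordinates, no private part).
ACCOUNT_JWK = {"kty": "EC", "crv": "P-256", "use": "sig",
               "x": "MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",
               "y": "4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM"}

# RFC 7638: only the required members of each key type enter the thumbprint.
_THUMBPRINT_MEMBERS = {"EC": ("crv", "kty", "x", "y"),
                       "RSA": ("e", "kty", "n"),
                       "oct": ("k", "kty")}


def b64url(data: bytes) -> str:
    """Base64url without padding, as ACME and JOSE require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """SHA-256 over the canonical JSON (sorted keys, no whitespace) of the required members."""
    members = {k: jwk[k] for k in _THUMBPRINT_MEMBERS[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return b64url(hashlib.sha256(canonical).digest())


def key_authorization(token: str, jwk: dict) -> str:
    """token '.' thumbprint: the value the client proves control with."""
    return f"{token}.{jwk_thumbprint(jwk)}"


def challenge_post_target(authz: dict, chall_type: str) -> str:
    """The URL the challenge response is POSTed to: the challenge's own 'url'."""
    for chall in authz["challenges"]:
        if chall["type"] == chall_type:
            return chall["url"]
    raise LookupError(f"no {chall_type} challenge offered in authorization")
```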