aarongable / draft-acme-ari

Internet Draft for the Automated Certificate Management Environment (ACME) Renewal Information (ARI) Extension

Query: Conforming clients MUST select a uniform random time within the suggested window #26

Closed robplee closed 1 year ago

robplee commented 2 years ago

Hi,

Apologies for joining slightly late to the party; however, I only recently discovered the existence of this draft. If this would be better sent as an email to the mailing list, please let me know and I'll get that sent as soon as I'm able.

I think the strictness of the requirement for clients to choose a uniform random time within the suggested renewal window is a little strange. Especially when considering that if the clients only check the ARI after the window has ended then the standard only states that they should attempt to renew immediately. Furthermore, if the renewal window is before the next time the client would check then they may attempt to renew immediately. This seems an odd combination of key words to me.

Would it not be more appropriate for the recommendation to choose a random time to be a "SHOULD" or even "It is RECOMMENDED that conforming clients select a uniform random..." rather than the "MUST" in the current text?

It seems to me that if this draft is to give means for the CA to provide "suggestions on when [clients] should renew certificates" then the language should be not quite so forceful and allow for users* to choose when in the window they request renewal. Some users (especially if they are customers of a commercial CA) may prefer to aim for the end of the renewal window and get their money's worth out of their existing cert, while others might want to aim for the start of the window in order to maximise the time available to get their new certificate properly installed and everything configured properly.

*I appreciate that in ACME we are assuming users are software clients but it seems to me that checking ARI could be integrated into a notification system that would tell a human to fire up their ACME client and get a new cert if they weren't willing to set everything up quite so automatically.

aarongable commented 1 year ago

You bring up an interesting point. The original idea when I was writing that paragraph was: "fully specify how to compute when to renew; then only provide suggestions for what to do with that information". But maybe phrasing it as "the client SHOULD renew at a time of its choosing within the window; the following algorithm for selecting a time is RECOMMENDED: ..." would be best. I'll work on a change to that effect now.

osirisinferi commented 1 year ago

Question about this if I may: the choice of words in #32 which addressed this issue leaves room for renewing outside of the window, as long as that renewal time was based on the window (where e.g. an hour before or after the window is also allowed). Was that also the intention of #32?
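Added example (not part of the thread, and not code from the draft or from any ACME client): a sketch of the client-side decision the comments above discuss, with the uniform random choice as one policy next to the "start of window" and "end of window" preferences robplee describes. The function names, the `policy` parameter and the sample dates are assumptions made for illustration; the "renew now" rules follow the two cases mentioned in the first comment.

```python
import random
from datetime import datetime, timedelta, timezone


def pick_renewal_time(start, end, policy="uniform", rng=random):
    """Choose a target renewal time inside the suggested window [start, end]."""
    if end < start:
        raise ValueError("window end precedes window start")
    if policy == "earliest":   # maximise time left to install the new cert
        return start
    if policy == "latest":     # use the existing cert as long as possible
        return end
    if policy == "uniform":    # spread load evenly across the window
        span = (end - start).total_seconds()
        return start + timedelta(seconds=rng.uniform(0, span))
    raise ValueError(f"unknown policy: {policy}")


def decide(start, end, now, next_check, policy="uniform", rng=random):
    """Return (action, target) where action is "renew_now" or "wait".

    next_check is when this client would next wake up and look at ARI.
    """
    target = pick_renewal_time(start, end, policy, rng)
    if target <= now:
        # Chosen time already passed, e.g. the window ended before we checked.
        return "renew_now", target
    if target < next_check:
        # Chosen time falls before the next wake-up, so waiting would miss it.
        return "renew_now", target
    return "wait", target


if __name__ == "__main__":
    # Constructed sample window, not taken from a real ARI response.
    utc = timezone.utc
    start = datetime(2024, 1, 10, tzinfo=utc)
    end = datetime(2024, 1, 12, tzinfo=utc)
    now = datetime(2024, 1, 9, tzinfo=utc)
    for policy in ("uniform", "earliest", "latest"):
        print(policy, decide(start, end, now, now + timedelta(hours=12), policy))
```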