aarongable / draft-acme-ari

Internet Draft for the Automated Certificate Management Environment (ACME) Renewal Information (ARI) Extension

Wordsmithing the suggested uses of `replaces` by a server #61

Closed robstradling closed 6 months ago

robstradling commented 7 months ago

Current text:

> It is suggested that Servers should use this information to grant New Order requests which arrive during the suggested renewal window of their identified predecessor certificate higher priority or allow them to bypass rate limits, if the Server's policy uses such.

I realise this is a not-upper-case "should" and it's prefixed by "It is suggested", but TBH I'd characterise this language as being slightly more prescriptive than something like "What to do with this information is left entirely to server policy, but here are some suggestions:". Is that the intent?

Also, ISTM that the "...should...higher priority...bypass rate limits" language is geared towards high volume issuers, which not all server operators are. Indeed, a server might not have any mechanisms for assigning higher priority or for bypassing rate limits, but might want to "use this information" in other ways. For example, some CAs tend to extend the lifetime of a renewed certificate by the amount of time left on the predecessor certificate, which makes sense in cases where there is monetary value associated with the renewal.

Could we rephrase this text to something like "What to do with this information is left entirely to server policy, but here are some suggestions:", followed by some bullet points?

mholt commented 7 months ago

Great suggestion, and I want to add/clarify:

> ISTM that the "...should...higher priority...bypass rate limits" language is geared towards high volume issuers

It's also about cramming significantly more issuances into a narrow window that may push a CA beyond its issuance capacity, leaving some clients unable to renew in time.

aarongable commented 7 months ago

> Could we rephrase this text to something like "What to do with this information is left entirely to server policy, but here are some suggestions:", followed by some bullet points?

Makes sense to me.

> It's also about cramming significantly more issuances into a narrow window that may push a CA beyond its issuance capacity, leaving some clients unable to renew in time.

Only if the server makes the ARI window narrower than it can handle. As always, it is up to the server to ensure that it can handle its traffic volume and fail gracefully -- which many servers use rate limits to accomplish today -- and the existence of ARI does nothing to change that.
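To make the two points in this thread concrete (the draft's suggested server uses of `replaces`, and the reply that the favourable treatment only applies to orders arriving inside the window the server itself published), here is an added illustration of one possible server-side policy; it is example code written for this page, not part of the draft or of any ACME server, and the certificate ids, account names, dates and the one-order limit are constructed sample values.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from datetime import datetime

@dataclass(frozen=True)
class SuggestedWindow:
    """The ARI suggestedWindow this server itself published for a certificate (UTC)."""
    start: datetime
    end: datetime
@dataclass(frozen=True)
class NewOrder:
    account: str
    replaces: str | None  # predecessor's ARI certificate id from the newOrder "replaces" field, or None
    received_at: datetime
@dataclass
class AccountRateLimiter:
    """Per-account counter standing in for whatever rate limits a real server applies."""
    limit: int
    counts: dict[str, int] = field(default_factory=dict)

    def admit(self, order: NewOrder, exempt: bool) -> bool:
        if exempt:
            return True  # in-window ARI renewal: bypass the limit and consume no budget
        used = self.counts.get(order.account, 0)
        if used >= self.limit:
            return False
        self.counts[order.account] = used + 1
        return True
def renewal_policy(order: NewOrder, published: dict[str, SuggestedWindow]) -> tuple[str, bool]:
    """Return (priority, rate_limit_exempt). Only an order naming a predecessor whose window this
    server published, arriving inside that window, is favoured; everything else is an ordinary order."""
    window = published.get(order.replaces) if order.replaces else None
    if window is None or not (window.start <= order.received_at < window.end):
        return "normal", False
    return "high", True
def demo() -> list[tuple[str, bool, bool]]:
    # Constructed sample data (not from the draft): a two-day window and an account limit of one order.
    pred = "constructed-cert-id-1"
    windows = {pred: SuggestedWindow(datetime(2024, 5, 1), datetime(2024, 5, 3))}
    limiter, out = AccountRateLimiter(limit=1), []
    for order in (
        NewOrder("acct-1", None, datetime(2024, 5, 2)),          # uses the only slot
        NewOrder("acct-1", None, datetime(2024, 5, 2)),          # refused: limit reached
        NewOrder("acct-1", pred, datetime(2024, 5, 2)),          # in window: admitted anyway
        NewOrder("acct-1", pred, datetime(2024, 4, 20)),         # too early: no exemption
        NewOrder("acct-1", "unknown-id", datetime(2024, 5, 2)),  # unknown predecessor
    ):
        priority, exempt = renewal_policy(order, windows)
        out.append((priority, exempt, limiter.admit(order, exempt)))
    return out
```

The third order is admitted despite the exhausted limit only because it names a predecessor the server knows and arrives inside that predecessor's window; an early renewal or an unknown id gets no exemption, which is what keeps the exemption from becoming a general rate-limit bypass.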