Closed systemcrash closed 3 years ago
Boulder does not support schemes other than mailto:
https://github.com/letsencrypt/boulder/blob/beee17c510c20fc3a454a554c71a7e86b77d4ffd/ra/ra.go#L397-L399
As you noted, mailto: is the only scheme which MUST be supported per RFC8555, and we have no intentions to widen the scope of valid contact addresses at this time.
RFC 8555 is clear that mailto: support is a must, but lists contact type as a string array. This could conceivably contain:
tel:...... sip:..... http:...... https:......
A quick search shows that test cases only cover mailto: since those are the most convenient and trivial to notify a user of pending expiry. Are the above+others permissible?
RFC just suggests mailto:
https://tools.ietf.org/html/rfc8555#section-7.3
https://tools.ietf.org/html/rfc8555#section-7.1.2
It feels like valid and accepted are conflated and left up to implementation.
But this implementation only seems to handle and test for mailto:
https://github.com/letsencrypt/boulder/blob/2d14cfb8d1bc56e70e61f8d50d8f5a150e9b6c1d/sa/satest/satest.go#L42
Do other ACME providers support other contact URL types (schemes)?
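
The valid-versus-accepted distinction raised in this thread maps onto two separate ACME error types in RFC 8555 (section 6.7): `unsupportedContact` for a scheme the server does not take, and `invalidContact` for a malformed value in a scheme it does. The sketch below is an added example, not Boulder's code; `checkContact` is a hypothetical helper for a mailto-only server, and the sample contacts are constructed.

```go
package main

import (
	"fmt"
	"net/mail"
	"net/url"
)

// Error types defined in RFC 8555 section 6.7.
const (
	unsupportedContact = "urn:ietf:params:acme:error:unsupportedContact"
	invalidContact     = "urn:ietf:params:acme:error:invalidContact"
)

// checkContact is a hypothetical helper (not Boulder's function). It returns
// "" when the contact is accepted, otherwise the ACME error type to send back.
func checkContact(contact string) string {
	u, err := url.Parse(contact)
	if err != nil || u.Scheme == "" {
		// Assumption: a value with no scheme is treated as malformed.
		return invalidContact
	}
	if u.Scheme != "mailto" {
		// A valid URL (tel:, sip:, https:, ...) that this server does not accept.
		return unsupportedContact
	}
	// RFC 8555 section 7.3: a mailto contact must not carry hfields
	// (the ?subject=... part) and must name at most one address.
	if u.RawQuery != "" || u.ForceQuery {
		return invalidContact
	}
	addr, err := mail.ParseAddress(u.Opaque)
	if err != nil || addr.Address != u.Opaque {
		return invalidContact
	}
	return ""
}

func main() {
	// Constructed sample contacts.
	for _, c := range []string{
		"mailto:admin@example.com",
		"tel:+15555550100",
		"https://example.com/contact",
		"mailto:a@example.com?subject=hi",
		"mailto:a@example.com,b@example.com",
	} {
		fmt.Printf("%-40s %q\n", c, checkContact(c))
	}
}
```

A client that receives `unsupportedContact` knows the URL itself was well-formed and can fall back to a `mailto:` contact, whereas `invalidContact` means the value needs fixing.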