[Servercert-wg] Discussion Period Begins on Ballot SC43: Clarify Acceptable Status Codes
Ryan Sleevi
sleevi at google.com
Fri Mar 12 18:13:36 UTC 2021
On Fri, Mar 12, 2021 at 1:11 PM Dimitris Zacharopoulos (HARICA) <
dzacharo at harica.gr> wrote:
>
>
> On 12/3/2021 6:47 μ.μ., Ryan Sleevi wrote:
>
> Dimitris,
>
> Given the length of discussion here, are you aware of systems not yet
> conforming? Perhaps you can speak about what concrete (rather than
> abstract) difficulties there would be?
>
> That's not to say an effective date is a forgone conclusion, but I think
> as a Forum, we're much more productive when members with concrete concerns
> bring them forward, rather than abstracts "on behalf of someone else". For
> example, what challenges might HARICA face? Understanding that would help
> both make better ballots, and perhaps highlight industry good practices
> from other CAs that HARICA could adopt so that these aren't concerns in the
> future.
>
>
> CAs need to update their validation code to allow ONLY these specific HTTP
> responses for redirects. This also needs to be applied consistently,
> including ACME implementations that may not currently support this
> configuration option. For example, I believe EJBCA does not have this
> option for their ACME server engine component.
>
> For HARICA, it's easy to update the main RA code but we currently rely on
> EJBCA for ACME and that might cause some delays.
>
> I hope this helps.
>
Yup! Makes total sense now :)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20210312/2fa7e7de/attachment.html>
More information about the Servercert-wg
mailing list