Request: "What's new in ACME v2" post

It’d be cool if someone would write a blog post about what new features will be in ACME v2 (rather than having to manually compare the old spec to the new one). I know it’s still a work in progress, but a post could mention features that are almost certainly going in, features that are still being debated, and so on.


FWIW, you don’t have to manually compare:

https://tools.ietf.org/rfcdiff?url1=https://tools.ietf.org/id/draft-ietf-acme-acme-01.txt&url2=https://tools.ietf.org/id/draft-ietf-acme-acme-07.txt

Just looking at the difference between tables of contents gives you an idea of everything they’ve added.

This certainly isn’t a replacement for a high-level overview of the changes, but I imagine we’re still a couple months away from such a post. I would guess that they’re probably neck deep in the server implementation right now and not so focused on the client side yet. :wink:


This sounds like a good idea but as @patches points out the primary constraint is time :slight_smile:

From my perspective the changes in the spec between “v1” and “v2” are primarily of interest to ACME client/server developers. From an end-user perspective the changes are likely to be completely transparent. The internal “guts” of going through an issuance process have changed but the user experience will probably be near-identical between versions.


I tend to disagree.

It’s good to understand the new guts, as there are a lot of issues that arise due to the fact that people don’t have environments which work well, for example, with challenges.

Change management can be a tricky thing, and just to say from an end user perspective it will be seamless is a little optimistic.

But that’s just my 5 cents

Andrei

@jsha

Am I right in understanding that ACME v2 is in fact just this version of the standard?
https://tools.ietf.org/html/draft-ietf-acme-acme-07

Or is it an internal Let’s Encrypt nomenclature?

Andrei

It's internal nomenclature. We refer to "V2" as whatever will be standardized by the IETF as an RFC. The ACME specification hasn't become an RFC yet - draft-07 is the current document being worked on. It's likely very close to what will be the RFC and the "V2" that we implement.

One particular question: I notice that the “combinations” are no longer in the authz objects in the 07 draft. Now the protocol asserts that any one of the challenges suffices.

Was there just no interest in the “combinations”? Not that I lament seeing it go away—hey, one less complication!—but I’m just curious why it was apparently set aside.

That's a fair opinion :slight_smile:

I would also point out that anyone strongly interested in seeing such a document has the resources available to write it themselves. The information required can be pieced together from ACME draft-07 and the ACME divergences document that Boulder maintains.

I think that this is the mailing list thread that resulted in the removal but I believe the topic had come up before as well.


Is there a v2 staging endpoint yet?

Not yet, but if you'd like to try developing against a server that implements the latest ACME draft, try Pebble.
