What instructions should we give to a human being who wants to see LE’s terms of service?
Obviously a machine will grab the /directory endpoint, parse the JSON, and go to the meta.termsOfService URL.
This seems a bit awkward to ask a human to do. It’ll work in modern browsers—FF gives you a clickable link, while Chrome requires copy/paste—but visually sifting through ACME protocol details like keyChange, newAccount, etc. could be a bit off-putting to non-technical users.
There’s also https://letsencrypt.org/repository/, and maybe it’s a bit nicer to say, “go there, and click the first link under ‘Let’s Encrypt Subscriber Agreement’”. But how stable is the design (and wording) of that page?
The ideal would be a simple URL that always redirects to the current terms of service. (Not to be obnoxious; I know I’ve asked for this previously.) Failing that, though, what is the best course?
I thought the understanding was that ACME clients don’t themselves go to the termsOfService URL. They either present the URL to the user to put in their browser or directly open a browser to the page. They could even load it into an internal web view if it’s a GUI app.
The latest subscriber agreement for human consumption will always be found at https://letsencrypt.org/repository/. What is your end goal for wanting a different static link?
It would be a nicer user experience not to have to visually parse that page. There are a lot of links on there, which creates room for confusion. A simple link like http://letsencrypt.org/terms-of-service, which we could link to from our documentation, would avoid the “page full of links” experience.
It would also obviate the need for a caching layer that we’ve had to create to accommodate the pending removal of the v1 API’s /terms URL. That was the use case I cited earlier; the purely-human use case I’ve now brought up is one that a teammate pointed out to me.
I’m still not sure why you require a direct link. “nicer user experience” is rather vague to me. Also, the repository hosts multiple documents which are relevant, three to be exact. Do you also would like to have THREE “direct” links to those documents?
I think you’re selling clients short if you only link to the subscriber agreement. But if you make a direct link to every document on that page… Well… Then there is no real benefit of those links if you’d ask me… Just use the repository.
I don’t understand. The API itself only includes the subscriber agreement; as far as I know, that’s the only document that a user needs to understand and to accept, right?
I don’t “require” a direct link, but I’m trying to make life easier for our users who want to see the ToS document. The repository document suits users who are familiar with what all of those different documents are but is an awkward fit for a human who is new to it all and just wants to know what they have to agree to in order to use the service.