What is going to happen with email addresses on accounts?

Hi,
I can't see whether it was answered already, so sorry if duplicate.

What will happen with email addresses that were provided during ACME account registration, since they will no longer be used for expiration emails?

Are they going to be deleted, or opted-in to general mailings?

Will newly created ACME accounts have email addresses ignored during creation, or maybe failed with error?

Thanks.

Disclaimer: I am not affiliated with Let's Encrypt, so I don't know this for sure.

Based on what I've seen in recent Boulder developments such as this issue, it's the latter: Let's Encrypt will remove the email addresses from their own databases, but sign them up at an external mail provider. This allows them to send general, untargeted emails to subscriber with announcements, without actually linking an ACME account and an email address.

As per the issue linked above, the current intended design appears to be to forward them to the external mail service, and then immediatly "forget" them. Thus they will still appear to be supported.

4 Likes

Interesting; I thought they were going to remain to alert users about revocation. Did you see anything about potential callback urls taking their place?

The ACME ecosystem is getting increasingly complex now - some providers will require a contact, and now some will (essentially) do the opposite.

4 Likes

This will have interesting impacts upon unsubscription behavior as currently one can simply update the contact to nothing/blank to effectively "unsubscribe". I wonder what will happen with such behavior after this point?

3 Likes

I've seen nothing in that direction, only progress to fully decouple emails and accounts.

3 Likes

Let's Encrypt will not retain emails in the CA. We'll send a welcome email with information about staying in contact with Let's Encrypt, including opting into mailing lists, for new users who subscribe with an email.

You can subscribe to those lists today: Sign up for emails - Let's Encrypt

Emails are optional today in ACME, and that'll stay the same. We won't return an error or anything like that if one is provided.

4 Likes

Any idea what the operation will be when changing/removing email addresses in accounts? I suppose if the addresses aren't kept connected to an account then there won't be a way to change/remove them later. :thinking: Seems like a one-way street. Suppose that unsubscription and resubscription can just be handled at the email list level via links in the email (or via the link that @mcpherrinm provided above). Just doing a little pre-thinking on how I'm going to word this in CertSage. I think the current wording probably works fine based on my assumptions here. I'd need to remove the unsubscription line and the button wording will need to change.

2 Likes

I don’t have those details about what the change contact endpoints will do.

There will be no way to remove emails via acme because there will be no contact associated with the acme account.

5 Likes

Thank you, @Nummer378 and @mcpherrinm. This is the kind of information I was looking for.

5 Likes