RFC Errata
RFC 8555, "Automatic Certificate Management Environment (ACME)", March 2019
Source of RFC: acme (sec)See Also: RFC 8555 w/ inline errata
Errata ID: 5729
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Rob Stradling
Date Reported: 2019-05-22
Verifier Name: Roman Danyliw.com
Date Verified: 2024-01-11
Section 7.5.1 says:
The client indicates to the server that it is ready for the challenge validation by sending an empty JSON body ("{}") carried in a POST request to the challenge URL (not the authorization URL).
It should say:
The client indicates to the server that it is ready for the challenge validation by sending a POST request to the challenge URL (not the authorization URL), where the body of the POST request is a JWS object whose JSON payload is a response object (see Section 8). For all challenge types defined in this document, the response object is the empty JSON object ("{}").
Notes:
It's clear from other text in section 7.5.1 that the "empty JSON body" is interpreted by the ACME server as a "response object". (The first function of this erratum is to clarify this point).
Section 8 says that "The definition of a challenge type includes...Contents of response objects", and section 7.5.1 notes that "the challenges in this document do not define any response fields, but future specifications might define them". (The second function of this erratum is to permit clients to send response objects that contain response fields).