Permit caching of /directory #4814
Comments
aarongable
added a commit
that referenced
this issue
Dec 13, 2023
We currently use the same logic to ensure that domain names are valid for certificate issuance and are valid for being the domain component of a subscriber's contact email address. However, we do not need to be as strict for email addresses: namely, it is possible for a subscriber to have an email whose domain component is exactly an ICANN TLD, while it is forbidden for us to issue a certificate to a name that is exactly an ICANN TLD. Move the TLD logic out of ValidDomain and into its two callers: willingToIssue and ValidEmail. Slightly modify the logic in ValidEmail to not reject ICANN TLDs. Fixes #5372 Fixes #4814
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently, requesting the
/directorygives this response header:A strictly implemented client is forced not to cache the result, but fetch a new copy of the directory every time it is needed. However, the contents of the directory are likely to change very rarely.
Boulder should instead set a reasonable
expiresheader, to reduce unnecessary requests.This would also help to reduce log volume, see issue #3050. 😉
The text was updated successfully, but these errors were encountered: