You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We'd like to start deprecating and removing non-standard fields from Boulder's responses.
Checklist of wire-level fields Boulder emits that are not defined in the RFCs or the drafts Boulder implements: RFC 8555, RFC 9773, RFC 8737, draft-ietf-acme-profiles, draft-ietf-acme-dns-account-challenge, draft-ietf-acme-dns-persist).
Account key — emits the full JWK on every account response. RFC 8555
§7.1.2 enumerates exactly status, contact, termsOfServiceAgreed, externalAccountBinding, orders; key is not defined, and §7.3
specifies the server "MUST NOT reflect … any unrecognized fields" in the
resulting account object. core.Registration.Key
Account createdAt — non-standard timestamp on account responses.
Not defined in RFC 8555 §7.1.2. core.Registration.CreatedAt
Challenge validationRecord — serializes an internal object tree
(URLs, hostnames, ports, resolved/tried IPs, resolver addresses) onto
challenge responses. RFC 8555 §7.1.5 / §8 define only type, url, status, validated, error plus per-type fields; this field is not
defined for any challenge type in RFC 8555, RFC 8737, or the dns-account
/ dns-persist drafts. core.Challenge.ValidationRecord
We'd like to start deprecating and removing non-standard fields from Boulder's responses.
Checklist of wire-level fields Boulder emits that are not defined in the RFCs or the drafts Boulder implements: RFC 8555, RFC 9773, RFC 8737, draft-ietf-acme-profiles, draft-ietf-acme-dns-account-challenge, draft-ietf-acme-dns-persist).
Account
key— emits the full JWK on every account response. RFC 8555§7.1.2 enumerates exactly
status,contact,termsOfServiceAgreed,externalAccountBinding,orders;keyis not defined, and §7.3specifies the server "MUST NOT reflect … any unrecognized fields" in the
resulting account object.
core.Registration.KeyAccount
createdAt— non-standard timestamp on account responses.Not defined in RFC 8555 §7.1.2.
core.Registration.CreatedAtChallenge
validationRecord— serializes an internal object tree(URLs, hostnames, ports, resolved/tried IPs, resolver addresses) onto
challenge responses. RFC 8555 §7.1.5 / §8 define only
type,url,status,validated,errorplus per-type fields; this field is notdefined for any challenge type in RFC 8555, RFC 8737, or the dns-account
/ dns-persist drafts.
core.Challenge.ValidationRecord