x/crypto/acme: allow setting client KID directly #46303

Stanwise · 2021-05-21T14:33:08Z

What version of Go are you using (`go version`)?

$ go version
go version go1.13.4 linux/amd64

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (`go env`)?

N/A

What did you do?

I have a service that uses acme.Client for communication with an RFC8555 CA. For technical reasons I need to reconstruct the acme.Client multiple times during the full flow.

Current implementation works overall, but I'd like to be able to specify account KID (equal to Account.URI) explicitly, instead of having the library always call the CA's account registration endpoint to obtain kid to cache: https://github.com/golang/crypto/blob/c07d793c2f9aacf728fe68cbd7acd73adbd04159/acme/acme.go#L152

What did you expect to see?

I'd like to be able to create the client like this:

&acme.Client{
    Key:          signer,
    KID:          accountURI,
    DirectoryURL: directoryUrl,
    HTTPClient:   &http.Client{...}
},

And have the kid field populated from it , e.g.:

KID field could be a string, only used in the first request to pre-populate the private mutex-protected kid value.
The following snippet could be added to accountKID function between lines 151 and 152

if c.KID != "" {	
  c.kid = c.KID
  return c.kid
}

What did you see instead?

I have to specify the client like this:

&acme.Client{
    Key:          signer,
    DirectoryURL: directoryUrl,
    HTTPClient: &http.Client{...}
},

And then the library calls the CA's account registration endpoint to obtain kid to cache. This results in a lot of unnecessary calls to the CA.

The text was updated successfully, but these errors were encountered:

gopherbot · 2021-10-08T19:01:35Z

Change https://golang.org/cl/354697 mentions this issue: acme: expose Client KID field

rolandshoemaker · 2021-10-11T15:13:08Z

(sent a CL for this, but just to articulate my thoughts here) This seems reasonable to me. I don't think adding a duplicate public field is worth the extra complexity, seems fine to just expose the existing kid field.

rsc · 2021-10-13T18:00:57Z

This proposal has been added to the active column of the proposals project
and will now be reviewed at the weekly proposal review meetings.
— rsc for the proposal review group

rsc · 2021-10-20T18:05:24Z

Based on the discussion above, this proposal seems like a likely accept.
— rsc for the proposal review group

rsc · 2021-10-27T18:01:20Z

No change in consensus, so accepted. 🎉
This issue now tracks the work of implementing the proposal.
— rsc for the proposal review group

Expose the previously private KID field of the Client type. This allows callers which have locally cached their key identity to avoid needing to make a call to the ACME service every time they construct a new client. Fixes golang/go#46303 Change-Id: I219167c5b941f56a2028c4bc253ff56386845549 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/354697 Trust: Katie Hockman <[email protected]> Reviewed-by: Katie Hockman <[email protected]> Trust: Roland Shoemaker <[email protected]> Run-TryBot: Roland Shoemaker <[email protected]> TryBot-Result: Gopher Robot <[email protected]>

gopherbot added this to the Proposal milestone May 21, 2021

gopherbot added the Proposal label May 21, 2021

rsc added the Proposal-FinalCommentPeriod label Oct 20, 2021

rsc changed the title ~~proposal: x/crypto/acme: allow setting client KID directly~~ x/crypto/acme: allow setting client KID directly Oct 27, 2021

rsc added the Proposal-Accepted label Oct 27, 2021

rsc modified the milestones: Proposal, Backlog Oct 27, 2021

gopherbot closed this as completed in golang/crypto@30dcbda Jan 31, 2022

rsc moved this to Accepted in Proposals Aug 10, 2022

rsc added this to Proposals Aug 10, 2022

golang locked and limited conversation to collaborators Jan 31, 2023

gopherbot added the FrozenDueToAge label Jan 31, 2023

rsc removed this from Proposals Feb 1, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/crypto/acme: allow setting client KID directly #46303

x/crypto/acme: allow setting client KID directly #46303

Stanwise commented May 21, 2021

gopherbot commented Oct 8, 2021

rolandshoemaker commented Oct 11, 2021

rsc commented Oct 13, 2021

rsc commented Oct 20, 2021

rsc commented Oct 27, 2021

x/crypto/acme: allow setting client KID directly #46303

x/crypto/acme: allow setting client KID directly #46303

Comments

Stanwise commented May 21, 2021

What version of Go are you using (go version)?

Does this issue reproduce with the latest release?

What operating system and processor architecture are you using (go env)?

What did you do?

What did you expect to see?

What did you see instead?

gopherbot commented Oct 8, 2021

rolandshoemaker commented Oct 11, 2021

rsc commented Oct 13, 2021

rsc commented Oct 20, 2021

rsc commented Oct 27, 2021

What version of Go are you using (`go version`)?

What operating system and processor architecture are you using (`go env`)?