On Tue, 23 Dec 2014 15:50:05 -0500, Richard Barnes <[email protected]> wrote:
> > IIUC, you're suggesting that there's a risk that Dreamhost might
> > let you register a CNAME record for <md5>.dreamhosters.com that
> > points to <sha1>.comodoca.com.
> > A colleague just said to me: "most shared hosts (like Dreamhost)
> > designate that subdomain you request for webhosting and that it's
> > incredibly unlikely (read: near-impossible) to get them to change
> > their DNS for that to point anywhere other than their shared
> > hosting servers."
> >
>
> I can confirm that this is the case with Dreamhost, having just tried
> the experiment. Nonetheless, this seems like kind of a fragile
> assumption, given that there do exist some less-clueful hosting
> providers.

Each dyndns provider does exactly that, allowing you to register a record with a user-chosen name pointing to any IP. This is at least true for A records, but I could imagine similar services (host forwarding service) for CNAME.

So TXT is better in that case (however none of them should be used without a second factor like whois-mail or to not issue certificates for the domain name without the host prefix (or even worse wildcards)).

Regards,
Bernd
