On Friday, June 5, 2015, Salz, Rich <[email protected]> wrote: > FWIW, IMHO, and whatever other fla's are appropriate: > > I think it makes sense to at least detail the attacks, since relying on > DNS is one of the methods supported by ACME.
We should document these risks, but we should be clear that they're inherent to non-authoritative identity verification -- including pretty much everything that is done today (regardless of ACME). > > I cross-posted this from > > https://github.com/letsencrypt/acme-spec/issues/131 > > Can the people who maintain this particular github repo, put up some > notice in BIG BOLD FLASHING LETTERS that the proper place for discussion is > on this mailing list? I would propose that one we adopt draft-ietf-, then we put on the controls. For now, it's just an individual draft. But I agree that it is more helpful to have stuff on the list. --Richard > > Thanks. > > _______________________________________________ > Acme mailing list > [email protected] <javascript:;> > https://www.ietf.org/mailman/listinfo/acme >
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
