> I don't think I understand the IANA registry bit here. Is the idea that
> FooCA registers something like FooCA-send-us-this-by-registered-mail, and
> when the challenge is received by a client it looks at the IANA registry for
> something it can parse into human interaction? How is that better than a
> single "offline" challenge where the URL to check for the steps is in the
> response?

It lets a single "generic" client say "I don't understand the OmniPublish offline protocol". Or lets CA vendors ship plugin libraries for a generic ACME client (such as distributed by LetsEncrypt org). And yes, maybe it's not needed if the URL is something the human points their browser to.

> This seems fairly low on the priority list, honestly, but if we are going to
> do it, I think we need to have some thought to what happens at some of the
> larger time scales. If months pass, the contact information may go stale, to
> take a simple example.

I think it's higher than that *if and only if* the commercial CAs find it something they could use.

_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
