On Thu, Nov 12, 2015 at 02:14:11PM -0800, Jacob Hoffman-Andrews wrote:
> I like the idea, and it generalizes to the other queries. For instance,
> you can imagine putting up an HTTP validation file that contains a list
> of authorized account keys, with no random token.
>
> However, the CA/B Forum validation requirements currently being
> discussed include a requirement for a "Random Token." So we'd need to
> convince them to add language that would allow something like an
> authorized account key.

That's unfortunate. Is the language unambiguous enough that the 'random token' must be per-authorization, rather than e.g. a random token generated at account generation time (which could be passed as well as the account key)?

If there's no way around this, it seems like it might still be useful to specify a deterministic DNS challenge type so that a specification is available for implementation if they change their minds.
