> Is such a thing planned? Are there security reasons against doing > this? Are there security reasons against doing this on a DNSSEC signed > domain (which klausurschokola.de is)?
Personally, I wouldn't think it unreasonable to allow an ACME client to request that a specific IP be used for the purposes of a challenge. The server would then verify that that IP is one of the candidate IPs, rather than selecting one at random. I don't see that this causes any loss of security, so it seems like a sensible inclusion. _______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
