2015-12-02 18:57 GMT+01:00 Phillip Hallam-Baker <[email protected]>:
> On Wed, Dec 2, 2015 at 12:52 PM, Romain Fliedel <[email protected]>
> wrote:
>
>>> So we might have a record of the form:
>>>
>>> example.com CAA 0 acmedv1 "port=666"
>>>
>> If you have to modify the dns to use a custom port, why not use the dns
>> validation method? (once it's available)
>>
>
> Well there is a slight difference. DNS validation is possibly encumbered
> for a start.
>
> If by DNS validation you mean 'put the response to the challenge in the
> DNS' then that requires a lot more administrative connection to the DNS
> than 'put the fingerprint of the validation key in the DNS'
>

There was a discussion about dns validation that was suggesting using the account public key hash as the DNS record value. Thus it would be relatively easy to provision the correct value.
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
