-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
On 01.12.2015 02:36, Hugo Landau wrote: >> Is such a thing planned? Are there security reasons against >> doing this? Are there security reasons against doing this on a >> DNSSEC signed domain (which klausurschokola.de is)? > > Personally, I wouldn't think it unreasonable to allow an ACME > client to request that a specific IP be used for the purposes of a > challenge. The server would then verify that that IP is one of the > candidate IPs, rather than selecting one at random. I don't see > that this causes any loss of security, so it seems like a sensible > inclusion. That is great to hear! What is the preferred course of action now? Should I open an issue on the protocol draft repository? (Which I assume is at [1]) best regards, Jonas [1]: https://github.com/letsencrypt/acme-spec -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCgAGBQJWYKyHAAoJEMBiAyWXYliKEfAP/A4pTkT/4exKxW3nvv1VTUex zunTI0G9lGnGDZ6vtJwTp28LiI3xqyMW1N32d525zSsaxphQljBstMQZPuW5SDIe MKNceHyocXyBY+39wFWQMeVC4q4GsFBKSVLCyypvnW1EBjDGRwmQ6+KsF73fjQpF zJBemiQsEx2wvj3XzuKzmI1r+7VauPCr1vk+R8238Kyr2GXYiQsDT0sf2dLsjTmt Hg71wUH8gjcSrIlahOKPmbI0KUeqrToF3gOgY18fSFIzDkY7eMxtudHMdooz66rX odAoqQFB2+Zx+WWo+2GJUNJ9V0JJGxRdanuhsjneLKdD1JXD3IKf9iCeT7ddBcVE zsIp9i2XP0BGdVF6ZTvFB0j2iPxzJbEtJRAjYrqIRpnpy+sEBRvh9ShMOoPHHd6B O8WljnLP6gbI8yf7j2iODtEkuWGCntM4jweash9wDTTq78Z8v5bjmSb4rQCCsBSM 0EwHATLTPP0oPFnFOaz+jYKexwKxJqkT9AwAGxY2SChFJbj/NV6k0c+Ng7FzJXy9 thcQ6AUJlgrvCi4fx9jukfZr0RiO2u26q0O+KGKUf9lMrWLwda/AKSnpI7v2OBNZ dMaojNjdaumHovw/3BYeNlm+00QHF5Zl0M2R7tOpknvfazXeEtzxEeEZKQ8jdwbM ZC2tMCXy4RulY1HARJXM =rTxj -----END PGP SIGNATURE----- _______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
