+1

> On 4 Dec 2015, at 11:52 AM, Ryan Pendleton <[email protected]> wrote:
>
> Personally, I think that's a more appropriate approach.
>
> Even if a protocol change was made that allowed an ACME client to pin
> the challenge to a certain IP address, the requested IP may not always
> be returned by the authoritative DNS server. Any type of latency, geo or
> weighted routing algorithm could potentially get in the way.
>
> On Fri, Dec 04, 2015 at 12:46:01AM -0800, Peter Eckersley wrote:
>> There's a fairly good solution available with the current protocol,
>> which is to serve a (long lived) redirect from
>> /.well-known/acme-challenge/ on all of the servers to a different URL
>> that is always answered by the machine you run an ACME client on.
>>
>> Are there any cases where that is sufficiently unworkable to warrant a
>> protocol change?
>>
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
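
The redirect approach described in the quoted message above, as an added example that is not part of the original thread: a small Python WSGI app for every front-end server, which redirects only well-formed challenge requests to the one machine running the ACME client. The host name `acme-client.example.net`, the 30-day cache lifetime and the 128-character token limit are assumptions.

```python
import re

# Assumption: placeholder name of the machine that runs the ACME client.
ACME_HOST = "acme-client.example.net"
PREFIX = "/.well-known/acme-challenge/"
# ACME tokens use the base64url alphabet. Accepting only that alphabet keeps
# slashes, dots, percent-escapes and CR/LF out of the Location header, so the
# redirect cannot be steered to another path or used for header injection.
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]{1,128}")  # length limit is constructed
MAX_AGE = 30 * 24 * 3600  # "long lived": assumed 30 days


def challenge_redirect(path):
    """Return the redirect target for a challenge path, or None."""
    if not path.startswith(PREFIX):
        return None
    token = path[len(PREFIX):]
    if not TOKEN_RE.fullmatch(token):
        return None
    return f"http://{ACME_HOST}{PREFIX}{token}"


def app(environ, start_response):
    """WSGI app: 301 for valid challenge paths, 404 for everything else."""
    target = challenge_redirect(environ.get("PATH_INFO", ""))
    if target is None:
        start_response("404 Not Found", [("Content-Type", "text/plain")])
        return [b"not found\n"]
    start_response("301 Moved Permanently", [
        ("Location", target),
        ("Cache-Control", f"max-age={MAX_AGE}"),
        ("Content-Length", "0"),
    ])
    return []


def simulate(path):
    """Call the app once, offline, and return (status, headers dict)."""
    seen = {}
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)
    app({"PATH_INFO": path}, start_response)
    return seen["status"], seen["headers"]


if __name__ == "__main__":
    # Constructed sample paths: one valid token, one traversal attempt.
    for p in (PREFIX + "abc_DEF-123", PREFIX + "../secret", "/index.html"):
        print(p, "->", simulate(p))
```

Because the redirect is answered identically by every server, it does not matter which address the authoritative DNS server hands to the validating CA.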
