On Mon, Dec 14, 2015 at 05:53:17PM +0100, Julian Dropmann wrote: > > >This effectively means, as a domain zone admin, I have to trust every > > single service I define, not just to properly deliver this service, but > > also not to exploit his ability to obtain signed certificates in my name. > > > > Yes. > > > And you are perfectly aware, that this was not the case before ACME-enabled > CAs existed, and now applies to every single domain admin on this planet, > right?
I think there are non-ACME CAs that allow validation mechanism similar to the HTTP validation (and where already before ACME ones came really around). -Ilari _______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
