Again, this discussion seems to assume that the validation mechanism is validating the host that is to receive the cert as opposed to the holder of the domain name.
If a site is using geolocation-based services, things are going to get really hairy. One possible response would be that this is a corner case that isn't worth automating. The point of automation is to save effort; if it is going to be more complex, then don't do it.

A better approach would be to configure all the servers in the geolocation cluster to route their certification requests through an LRA that has been validated and can countersign the requests. If we are doing that, then the obvious way to link the LRA to the authentication scheme is to put the cert or key fingerprint for the LRA into a DNS record, for example a CAA record.

But the more common case would be a site with two servers, both requiring a certificate. Obviously, we would want each device to have a different certificate. An LRA is overkill for that case. But you still need to be able to make sure that the host that made a request can respond, even if firewall configuration means that outbound HTTP requests go on a different IP address to inbound.
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
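The LRA scheme sketched in the message above, worked through as an added example that is not part of the original post or of any ACME implementation: cluster members send their request to a per-domain LRA, the LRA countersigns it with its own key, and the CA accepts the countersigned request only if the LRA's key fingerprint appears in the domain's CAA records. The CAA property tag `lra-key`, the `sha256:` fingerprint value format, the length-prefixed `host || CSR` signing input and the in-memory CAA RRset are all assumptions made for this illustration (no RFC defines such a tag); the CSR is an opaque constructed byte string.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// lraTag is a hypothetical CAA property tag carrying the LRA key fingerprint.
// It is an assumption for this example, not a tag defined by any RFC.
const lraTag = "lra-key"

// CAARecord is one CAA RDATA in zone-file presentation form, e.g.
//     0 lra-key "sha256:3f2a..."
type CAARecord struct {
	Flags int
	Tag   string
	Value string
}

// ParseCAA splits presentation-format CAA RDATA into flags, tag and value.
func ParseCAA(line string) (CAARecord, error) {
	parts := strings.SplitN(strings.TrimSpace(line), " ", 3)
	if len(parts) != 3 {
		return CAARecord{}, fmt.Errorf("malformed CAA rdata %q", line)
	}
	flags, err := strconv.Atoi(parts[0])
	if err != nil {
		return CAARecord{}, fmt.Errorf("bad CAA flags in %q", line)
	}
	val := strings.Trim(strings.TrimSpace(parts[2]), `"`)
	return CAARecord{Flags: flags, Tag: strings.ToLower(parts[1]), Value: val}, nil
}

// Fingerprint is lowercase hex SHA-256 over the raw Ed25519 public key bytes.
func Fingerprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:])
}

// LRA is the local registration authority for one domain; it countersigns
// requests only for hosts inside that domain.
type LRA struct {
	Domain string
	Pub    ed25519.PublicKey
	priv   ed25519.PrivateKey
}

// NewLRA generates a fresh Ed25519 key pair for the LRA of the given domain.
func NewLRA(domain string) (*LRA, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &LRA{Domain: strings.ToLower(domain), Pub: pub, priv: priv}, nil
}

// ZoneRecord is the CAA RDATA the domain holder publishes to bind this LRA to the zone.
func (l *LRA) ZoneRecord() string {
	return fmt.Sprintf(`0 %s "sha256:%s"`, lraTag, Fingerprint(l.Pub))
}

// Request is what a cluster member sends to the LRA: the host name to certify
// and its CSR (treated as opaque bytes here).
type Request struct {
	Host string
	CSR  []byte
}

// signingInput binds host and CSR unambiguously: 2-byte host length, host, CSR.
func signingInput(r Request) []byte {
	h := []byte(strings.ToLower(r.Host))
	buf := append([]byte{byte(len(h) >> 8), byte(len(h))}, h...)
	return append(buf, r.CSR...)
}

// Countersigned is the request as forwarded to the CA with the LRA's key and signature.
type Countersigned struct {
	Req    Request
	LRAPub ed25519.PublicKey
	Sig    []byte
}

// Countersign refuses hosts outside the LRA's own domain before signing.
func (l *LRA) Countersign(r Request) (Countersigned, error) {
	host := strings.ToLower(r.Host)
	if host != l.Domain && !strings.HasSuffix(host, "."+l.Domain) {
		return Countersigned{}, fmt.Errorf("host %q is outside LRA domain %q", r.Host, l.Domain)
	}
	return Countersigned{Req: r, LRAPub: l.Pub, Sig: ed25519.Sign(l.priv, signingInput(r))}, nil
}

// Validate is the CA side. caaRecords is the CAA RRset for the requested host's
// domain (passed in so the example runs offline). The LRA key must match a
// published fingerprint and the countersignature must verify over host+CSR.
func Validate(caaRecords []string, cs Countersigned) error {
	published := map[string]bool{}
	for _, line := range caaRecords {
		rec, err := ParseCAA(line)
		if err != nil {
			return err
		}
		if rec.Tag == lraTag && strings.HasPrefix(rec.Value, "sha256:") {
			published[strings.TrimPrefix(rec.Value, "sha256:")] = true
		}
	}
	if len(published) == 0 {
		return errors.New("no LRA fingerprint published in CAA")
	}
	if len(cs.LRAPub) != ed25519.PublicKeySize || !published[Fingerprint(cs.LRAPub)] {
		return errors.New("LRA key is not one published in CAA")
	}
	if len(cs.Sig) != ed25519.SignatureSize || !ed25519.Verify(cs.LRAPub, signingInput(cs.Req), cs.Sig) {
		return errors.New("LRA countersignature does not verify")
	}
	return nil
}

func main() {
	lra, _ := NewLRA("example.com")
	zone := []string{`0 issue "ca.example.net"`, lra.ZoneRecord()} // constructed CAA RRset
	cs, _ := lra.Countersign(Request{Host: "www.example.com", CSR: []byte("constructed-csr")})
	fmt.Println("genuine LRA:", Validate(zone, cs))
	rogue, _ := NewLRA("example.com") // same domain claim, key not in DNS
	cs2, _ := rogue.Countersign(Request{Host: "www.example.com", CSR: []byte("constructed-csr")})
	fmt.Println("rogue LRA:", Validate(zone, cs2))
}
```

The CA never trusts the key carried in the request on its own; the only thing that authorises a countersigning key is the fingerprint the domain holder put in DNS, which is what ties the LRA to the domain rather than to whichever host happens to be reachable. A rogue LRA that claims the same domain fails the fingerprint check, a tampered host or CSR fails the signature check, and the LRA itself refuses to sign for hosts outside its domain, so a compromised cluster member cannot use it to obtain certificates for other names.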
