On Mon, Dec 14, 2015 at 9:00 AM, Ilari Liusvaara <[email protected]> wrote: > On Mon, Dec 14, 2015 at 05:53:17PM +0100, Julian Dropmann wrote: >> > >This effectively means, as a domain zone admin, I have to trust every >> > single service I define, not just to properly deliver this service, but >> > also not to exploit his ability to obtain signed certificates in my name. >> > >> > Yes. >> >> >> And you are perfectly aware, that this was not the case before ACME-enabled >> CAs existed, and now applies to every single domain admin on this planet, >> right? > > I think there are non-ACME CAs that allow validation mechanism similar to > the HTTP validation (and where already before ACME ones came really > around).
Yes, many existing CAs offer validation via HTTP. Comodo and Thawte/GeoTrust: https://www.namecheap.com/support/knowledgebase/article.aspx/9637/68/how-can-i-complete-the-domain-control-validation-dcv-for-my-ssl- GoDaddy: https://www.godaddy.com/help/verifying-your-domain-ownership-for-ssl-certificate-requests-html-or-dns-7452 SpaceSSL (Certum): https://spacessl.com/support/ (under Required documents) ACME didn't invent validation via HTTP. Thanks, Peter _______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
