On 2015-12-15 14:13, Salz, Rich wrote: > If someone like the CABForum or a new IETF WG (PKIX-bis anyone?) defined an > extension that said "this certificate is only used for HTTPS" then, an ACME-2 > challenge that could get such certificates make sense.
There's SRVName from https://tools.ietf.org/html/rfc4985 which in theory already can be applied to https already. SRVNames are used in the XMPP world a lot, maybe other places as well. As for using SRV records, if someone goes and puts _acme._tcp IN SRV then they already demonstrate control of the domain. -- Kim "Zash" Alvefur
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
