Hiya, On 16/12/15 01:44, Julian Dropmann wrote: > The target users are server admins right? In order to set up their > services, they should be familiar with DNS.
Familiar with != has write access to. In my university, I have root on 24U of boxen with zero write access to the routers, f/w, DNS or mail servers, meaning that for 13 years I couldn't get the two that are publicly visible web servers certified by any CA any time I checked, which was admittedly not that often. ACME (via LE in that case, but I've no allegiance) fixed that in a couple of minutes. And those minutes didn't require deep knowledge of anything - relative ignorance would have worked just as well, which is fantastic:-) And before someone argues, sure there are other situations but our goal here is to define a protocol that works in the most common of those cases as easily as possible and that supports automation. > To use the current > mechanism they already need to configure the A record. Not necessarily the same admins. That much is pretty obvious and unless someone has demographics about how many sysadmins have what access to what (which would be great!) I think this is repetitive argument and therefore pointless. Cheers, S. > So whats the > big difference? Instead of an A record they need to use an SRV > record. So technically only the record type changes. Nothing else. > How is that even a higher level of interaction? > > There are other services requiring admins to create DNS records > (Google Apps for example). They are being used. _______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
