Sorry, I understand all those issues, and I also want everyone using TLS, but I think we have to figure out another way then.
Either limit the certificate to be only usable from that origin it has been verified from, or somehow get the consent of the domain owner. If not by changing DNS config, it might involve some other mechanism.

But what is the reasoning here? Only because we are not able to find a way to do it properly automated we have the right to skip the domain owner, removing him from the equation?

On Wed, Dec 16, 2015 at 6:04 PM, Phillip Hallam-Baker <[email protected]> wrote:
> On Wed, Dec 16, 2015 at 11:22 AM, Salz, Rich <[email protected]> wrote:
> >> The target users are server admins right?
> >> In order to set up their services, they should be familiar with DNS.
> >
> > Nope, not a requirement.
>
> Even if you are familiar with the protocol to the point of having
> written your own client and server, this does not mean that your
> hosting provider gives you the access required to do more than
> configure a few records.
>
> I can edit A, AAAA, MX, SPF, TXT and SRV records and that is it.
>
> I can't set up my own DNS server because my local ISP does not offer
> static IP addresses unless I pay significantly more for my service.
>
> An 'automated' certificate issue scheme that requires me to change my
> ISP configuration isn't going to be a labor saver for me.
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
