I've submitted various pull requests for discussion here. Firstly, I've drafted a specification for tls-sni-02 which resolves Jehiah's concerns. <https://github.com/ietf-wg-acme/acme/pull/71>
Secondly, I've added operational guidance for the use of DNSSEC by ACME CAs. https://github.com/ietf-wg-acme/acme/pull/69 Thirdly, I propose the removal of autorenewal, which complicates the protocol, introduces a number of concerns and risks, and doesn't really enable anything that couldn't be done without it. I'm also not aware of any current implementations of it. <https://github.com/ietf-wg-acme/acme/pull/67> Fourthly, I think the expiry of authorizations should be a timestamp, not merely a date. This also fixes some examples with incorrect RFC3339 timestamps. <https://github.com/ietf-wg-acme/acme/pull/68> Hugo Landau _______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
