I would like to propose that we use RFC6844 to allow clients to discover the CA to direct requests to.
A DNS name MAY have multiple CAA records. Each record has a tag specifying the purpose and a text field. So we would add in a text field for ACME. The simplest version would be something of the form:

    example.com CAA 0 acme "comodo.com"

The typical enterprise case has the request going to an LRA because that is where the account key pair is held and that is what did the validation against the CA. I am thinking through that part.

_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
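The lookup proposed in the message above, as an added example that is not part of the original post: a parser for CAA records in presentation format that returns the values of the proposed `acme` tag for a domain. The `acme` tag is the post's proposal and is not defined by RFC 6844; the sample records, the function names and the choice to climb to parent names the way RFC 6844 does are assumptions.

```python
import shlex
from collections import defaultdict

# Constructed sample records; only the "acme" line on example.com is from the post.
SAMPLE_ZONE = """\
example.com CAA 0 issue "comodo.com"
example.com CAA 0 acme "comodo.com"
example.com CAA 128 iodef "mailto:security@example.com"
www.example.com CAA 0 ACME "ca.example.net"
"""

def parse_caa_line(line):
    """Parse 'name CAA flags tag "value"' into (name, flags, tag, value)."""
    fields = shlex.split(line)
    if len(fields) != 5 or fields[1].upper() != "CAA":
        raise ValueError(f"not a CAA record: {line!r}")
    name, _, flags, tag, value = fields
    flags = int(flags)
    if not 0 <= flags <= 255:
        raise ValueError(f"flags must fit in one octet: {line!r}")
    if not (tag.isascii() and tag.isalnum()):
        raise ValueError(f"tag must be ASCII letters and digits: {line!r}")
    # RFC 6844 tags are matched case-insensitively, as are DNS names.
    return name.rstrip(".").lower(), flags, tag.lower(), value

def load_caa(zone_text):
    """Group records as {name: {tag: [(flags, value), ...]}}."""
    records = defaultdict(lambda: defaultdict(list))
    for line in zone_text.splitlines():
        line = line.strip()
        if line and not line.startswith(";"):
            name, flags, tag, value = parse_caa_line(line)
            records[name][tag].append((flags, value))
    return records

def discover_acme_ca(records, domain):
    """Return the values of the proposed 'acme' tag for a domain.

    Assumption: discovery climbs toward the root and stops at the first
    name that has any CAA records, as RFC 6844 does for issuance checks.
    """
    labels = domain.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        if name in records:
            return [value for _, value in records[name].get("acme", [])]
    return []

if __name__ == "__main__":
    caa = load_caa(SAMPLE_ZONE)
    for host in ("www.example.com", "mail.example.com", "example.org"):
        print(host, "->", discover_acme_ca(caa, host))
```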
