Currently

1) Client->Server Request(domain.xy) => Response(nonce to be signed)
--> Server fetch CAA record
2) Client->Server Request(Please check via dns/http)
--> Server check resource
3*) Client->Server Is the Check complete(Please check via dns/http)


My Idea

1) Client->Server Request(domain.xy) => Response(nonce to be signed)
--> Server fetch CAA record + DNS(acme.pubkey.domain.xy) to get the PIN of account key
2) Client->Server Request(Signed nonce with private key, Public Key) => Response(Success/Failed)



On 21.03.2016 at 10:34, Philipp Junghannß wrote:
to sign an extra random value because it should probably have signed one when trying to request the cert so they can just check for the

_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
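
The server side of the two-step exchange proposed above, as an added example that is not part of the original mail or of any ACME implementation. Assumptions: an Ed25519 account key, a pin defined as base64url(SHA-256(public key)), a stubbed TXT lookup instead of real DNS, and the hypothetical names `Pin`, `Validate` and `txtLookup`.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
)

// Pin uses an assumed format: base64url(SHA-256(raw public key)).
func Pin(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// txtLookup stands in for the server's DNS query so the example runs offline.
type txtLookup func(name string) (string, bool)

// Validate is the server side of step 2: the presented public key must match
// the pin published at acme.pubkey.<domain>, and must verify the nonce signature.
func Validate(domain string, nonce, sig []byte, pub ed25519.PublicKey, lookup txtLookup) error {
	published, ok := lookup("acme.pubkey." + domain)
	if !ok {
		return errors.New("no pin record published")
	}
	if len(pub) != ed25519.PublicKeySize { // ed25519.Verify panics on a bad length
		return errors.New("malformed public key")
	}
	if subtle.ConstantTimeCompare([]byte(published), []byte(Pin(pub))) != 1 {
		return errors.New("public key does not match published pin")
	}
	if !ed25519.Verify(pub, nonce, sig) {
		return errors.New("nonce signature invalid")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	nonce := make([]byte, 16) // step 1: server-issued nonce
	rand.Read(nonce)
	zone := map[string]string{"acme.pubkey.domain.xy": Pin(pub)} // constructed record
	lookup := func(n string) (string, bool) { v, ok := zone[n]; return v, ok }
	err := Validate("domain.xy", nonce, ed25519.Sign(priv, nonce), pub, lookup)
	fmt.Println("validation error:", err)
}
```

The nonce has to be single-use and tied to the request on the server, otherwise a captured signed nonce could be replayed; that bookkeeping is outside this sketch.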
