I agree with Niklas that this extension seems harmless. It seems like we could make it safe to ignore just by tweaking the verification rules so that the server is only required to check the containment if it's going to use the "address" field as a guide.
Jacob: Could you clarify whether you think there's a substantive issue here, or just a process issue? On Thu, Jun 9, 2016 at 7:52 PM, Niklas Keller <[email protected]> wrote: > 2016-06-09 19:12 GMT+02:00 Jacob Hoffman-Andrews <[email protected]>: > >> https://github.com/ietf-wg-acme/acme/pull/138 >> >> This reverts commit a5cb357 >> >> I think we did not reach consensus on the list about this feature. >> > > What's the issue with it? I think it's fine. It saves setting up redirects > to another domain that's only served by one IP. > > If the server chooses by random, it will succeed any 1/X times if someone > has control of just one server behind. > > Regards, Niklas > > > _______________________________________________ > Acme mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/acme > >
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
