Thanks for the draft, Hugo. In general, the idea of making CAA more precise seems like a good vein to explore, and to the dimensions of precision overlap with ACME semantics, it makes sense to do it here.
The other case (besides account URI) that I've heard folks talk about is allowing the domain holder to restrict what validation methods the CA should be allowed to use. For example, you might allow DNS validation and forbid HTTP validation. Between ACME and the new, stricter Baseline Requirements, it seems like we should be able to come up with a pretty comprehensive list of validation methods. Is this something that would make sense to fold into this document? On Sat, Sep 24, 2016 at 11:09 PM, Hugo Landau <[email protected]> wrote: > This is an updated version of my previous draft. Comments invited. > > https://hlandau.github.io/draft-landau-acme-caa/ > > _______________________________________________ > Acme mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/acme >
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
