Perhaps clients should be allowed to specify a 'routing key' when requesting that TLS-SNI validation be performed.
The name used would be: x.y.ROUTING-KEY.token.acme.invalid. The routing key would be limited in length, up to say 16-32 bytes and must be a single DNS label in [a-z0-9-]{1,63}. If a routing key isn't specified, a routing key of "default" can be used. Hugo Landau _______________________________________________ Acme mailing list Acme@ietf.org https://www.ietf.org/mailman/listinfo/acme