Perhaps clients should be allowed to specify a 'routing key' when requesting that TLS-SNI validation be performed.
The name used would be:
x.y.ROUTING-KEY.token.acme.invalid.
The routing key would be limited in length, up to say 16-32 bytes and
must be a single DNS label in [a-z0-9-]{1,63}.
If a routing key isn't specified, a routing key of "default" can be used.
Hugo Landau
_______________________________________________
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme
