Am 07.07.2017 um 07:10 schrieb Eliot Lear:
Just a caution that configuration for 2138 is not always straight forward and in implementation and deployment sometimes has interactions with other functions. I suggest that someone who really wants to do the standardization here install a version of opendnssec and get things working with that code running. Documenting those steps would prove useful (he says having chosen another form of auth, having been down this road).
After the information of my DNS server provider not having any interface for automated operations I have given up the RFC 2136 approach. In my opinion a solution with dynamic records is way to complicated. The easier solution is if every ACME-client creates a static asymmetric key pair. The operator can add the public key manually to the DNS records and the ACME-client uses the private key for authorization with the CA.
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
