Since the consensus seems to be to change to "validation-methods",
here's the wording I propose for the validation-methods section:

  Extensions to the CAA Record: validation-methods Parameter

  A CAA parameter "validation-methods" is also defined for the "issue" and
  "issuewild" properties. The value of this parameter, if specified, MUST
  be a comma-separated string of challenge method names. Each challenge
  method name MUST be either an ACME challenge method name or a
  CA-assigned non-ACME challenge method name.

  The presence of this parameter constrains the property to which it is
  attached. A CA MUST only consider a property with the
  "validation-methods" parameter to authorize issuance where the name of
  the challenge method being used is one of the names listed in the
  comma-separated list.

  Where a CA supports both the "validation-methods" parameter and one or
  more non-ACME challenge methods, it MUST assign identifiers to those
  methods. These identifiers MUST be chosen to minimise the likelihood of
  conflict with any ACME challenge method name; it is RECOMMENDED that, at
  the very least, CAs avoid assigning identifiers ending in a hyphen and
  two digits ("-00").

  A CA SHOULD assign individual identifiers to each of its non-ACME
  challenge methods. However, if it is unable or unwilling to do so, it
  MAY use the fallback identifier of "non-acme" to identify such methods.

Acme mailing list

Reply via email to