> On Jan 12, 2018, at 12:45, Daniel McCarney <[email protected]> wrote:
>
> Hello folks,
>
> As I'm sure many of you are aware by now, recent developments[0] [1] [2] have
> identified real-world server/hosting configurations that violate the
> assumptions of TLS-SNI-01 as well as its currently specified replacement,
> TLS-SNI-02.
>
> In light of these issues and the feasibility of addressing them across the
> entire Internet it seems prudent that the ACME specification remove this
> challenge type pending the development of a better alternative (TLS-SNI-03?).
> I've submitted https://github.com/ietf-wg-acme/acme/pull/390 to make this
> change.
>
> It also seems prudent that the working group take its time considering the
> design and specification of TLS-SNI-03. It will also take time for there to
> be server and client implementations of a new TLS-SNI-03 specification once
> ready.
>
> With these thoughts in mind I think we should consider TLS-SNI-03 outside the
> scope of the current draft and proceed with a draft that has only HTTP-01 and
> DNS-01 challenge types, deferring TLS-SNI-03 for a follow-up document.
>
> What are the thoughts of the other WG participants?

I support this plan. Given the late stage, I think it makes sense to move the new TLS challenge type work to a new document.
