> Basically, for security, one needs to put the domain to be validated to the SNI
> field. Not doing that was the reason for the TLS-SNI-01/02 vulnerability.

I agree. Not only for security, but for compliance, both with the Baseline Requirements [1] and the intended use of SNI. Abusing SNI as an OOB communication channel was a bad idea and should not continue.

-Tim

[1] I am unpersuaded by tortured arguments used to claim TLS-SNI-01/02 complies with the Method 10 requirements.
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
