I strongly agree with those who do not want to open this can of worms at this time, but my preference for examples in future documents would be something like "example.com" for a generic domain name being validated (because the .com tends to evoke a generic end-user DNS name, for better or worse), while using things like "acme-server.example" for more specific server roles.
The documents could even explicitly specify this convention (example.com or .net is a generic domain name being validated, anything .example is the name of a specific server acting in a particular role). I think such an explicit enumeration of how various example names are used, and consistent use of such a naming policy would make many documents and examples much clearer. -Tim > -----Original Message----- > From: Acme <[email protected]> On Behalf Of Alan Doherty > Sent: Thursday, September 20, 2018 11:08 AM > To: Felipe Gasper <[email protected]>; Kas > <[email protected]> > Cc: [email protected] > Subject: Re: [Acme] example.com is used all over the draft > > or both > > From section 2 : > "The CA verifies that the client controls the requested domain name(s) by > having the ACME client perform some action(s) that can only be done with > control of the domain name(s). For example, the CA might require a client > requesting example.org to provision DNS record under requested- > name.example.org or an HTTP resource under http://requested- > name.example.org." > > I suggest to use "example.org" only for the client mentioned in section 2, > while > adding another identifier like "acmeserver.example.net" or > "caserver.example.net" will enhance the readability of all these examples. > > thus differentiating the > role.example.(org for request org, net for acme provider, com and others for > other cases) > > thus both role(descriptive) and tld(consistent) > > so say a SAN example could be (to show domains don't have to be related) > requested-name.example.org other-requested-name.example.com > > acmeserver.example.net > > At 14:02 20/09/2018 Thursday, Felipe Gasper wrote: > >Are “acmeserver.com†or “caserver.com†reserved domains? > What > >about: acme-client.example.com acme-server.example.com ? -FG > On Sep > >20, 2018, at 8:58 AM, Kas <[email protected]> wrote: > > > >From section 2 : > "The CA verifies that the client controls the > >requested domain name(s) by having the ACME client perform some > >action(s) that can only be done with control of the domain name(s). For > >example, the CA might require a client requesting example.com to > >provision DNS record under example.com or an HTTP resource under > >http://example.com."; > > I suggest to use "example.com" only for the > >client mentioned in section 2, while adding another identifier like > >"acmeserver.com" or "caserver.com" will enhance the readability of all > >these examples. > > _______________________________________________ > > > >Acme mailing list > [email protected] > > >https://www.ietf.org/mailman/listinfo/acme > >_______________________________________________ Acme mailing list > >[email protected] https://www.iet > f.org/mailman/listinfo/acme > > _______________________________________________ > Acme mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/acme
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
