On 8/18/2020 11:16 PM, Matt Holt wrote:
I propose that RFC 8555 §7.5.1 be revised to say, "The server is said to "finalize"
the authorization when it has successfully completed one of the challenges or failed all of
them."
I join my voice to Matt's, but I have a slightly different proposal:
There is the Sender Policy Framework (SPF), which works just fine as it is for
email; a similar mechanism is my proposal, where a DNS TXT record will
declare and establish an ACME policy: what ACME challenges should be the
minimum acceptable by the ACME service to authorize, and also it will define
the maximum needed to authorize.
Like the ability to declare what challenges are supported by the client
(as a list or an array), and what is the minimum number of challenges that must be
passed; here, for this minimum passed, a simple number may be used, like 2,
meaning two of the three supported challenges must be passed. Also it can
have a challenge (or challenges) as a must; the server must be guided by this rule as
long as that policy exists at the time of validation, and in the absence of such a
policy it will act as it currently does.
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
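To make the proposed policy mechanism concrete, here is an added example (not part of the message above, nor of any ACME implementation or RFC) that parses a hypothetical TXT record and applies it to the server's "finalize" decision. The record format `v=acmepolicy1; supported=...; min=N; required=...` and the function names are assumptions for illustration only; the challenge type names are the ones defined for ACME today. When no policy record is present, the decision falls back to the current RFC 8555 behaviour (one completed challenge suffices; the authorization fails once every offered challenge has failed).

```python
from dataclasses import dataclass, field
from typing import Optional

# Challenge types defined for ACME today (RFC 8555 / RFC 8737).
KNOWN_CHALLENGES = {"http-01", "dns-01", "tls-alpn-01"}


class PolicyError(ValueError):
    """Raised when a policy record is present but malformed or self-contradictory."""


@dataclass
class AcmePolicy:
    supported: list                              # challenge types the client supports
    minimum: int                                 # how many supported challenges must pass
    required: set = field(default_factory=set)   # challenge types that must pass regardless


def _csv(value: str) -> list:
    return [item.strip() for item in value.split(",") if item.strip()]


def parse_policy(txt: str) -> Optional[AcmePolicy]:
    """Parse one TXT record in the CONSTRUCTED (hypothetical) format
    'v=acmepolicy1; supported=a,b,c; min=N; required=a'.
    Returns None when the record is not a policy record at all (e.g. an SPF
    record), so the caller keeps today's behaviour; raises PolicyError when it
    is a policy record but invalid, which a server should treat as a hard error
    rather than silently weakening the policy."""
    fields = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise PolicyError(f"malformed field {part!r}")
        key, value = part.split("=", 1)
        fields[key.strip().lower()] = value.strip()
    if fields.get("v") != "acmepolicy1":
        return None
    supported = _csv(fields.get("supported", ""))
    if not supported:
        raise PolicyError("policy lists no supported challenges")
    unknown = set(supported) - KNOWN_CHALLENGES
    if unknown:
        raise PolicyError(f"unknown challenge types {sorted(unknown)}")
    required = set(_csv(fields.get("required", "")))
    if not required <= set(supported):
        raise PolicyError("required challenges must also be listed as supported")
    try:
        minimum = int(fields.get("min", "1"))
    except ValueError as exc:
        raise PolicyError("min must be an integer") from exc
    if not 1 <= minimum <= len(supported):
        raise PolicyError("min must be between 1 and the number of supported challenges")
    # Required challenges count toward the minimum, so it can never be below their number.
    minimum = max(minimum, len(required))
    return AcmePolicy(supported=supported, minimum=minimum, required=required)


def authorization_valid(policy: Optional[AcmePolicy], passed: set) -> bool:
    """Server-side decision: may the authorization be finalized as valid?
    Without a policy, RFC 8555 applies: one completed challenge is enough."""
    if policy is None:
        return len(passed) >= 1
    if not policy.required <= passed:
        return False
    counted = passed & set(policy.supported)   # only declared challenges count
    return len(counted) >= policy.minimum


def authorization_unsatisfiable(policy: Optional[AcmePolicy], offered: set, failed: set) -> bool:
    """Server-side decision: can the authorization no longer succeed, so it can be
    finalized as invalid? Without a policy: only once every offered challenge failed."""
    if policy is None:
        return offered <= failed
    if policy.required & failed:               # a must-pass challenge already failed
        return True
    remaining = set(policy.supported) - failed
    return len(remaining) < policy.minimum     # not enough challenges left to reach min


if __name__ == "__main__":
    # Constructed sample record; not a real zone or a real policy format.
    record = "v=acmepolicy1; supported=http-01,dns-01,tls-alpn-01; min=2; required=dns-01"
    pol = parse_policy(record)
    print(pol)
    print(authorization_valid(pol, {"http-01", "tls-alpn-01"}))   # False: dns-01 is required
    print(authorization_valid(pol, {"dns-01", "http-01"}))        # True: required met, 2 of 3 passed
    print(authorization_unsatisfiable(pol, KNOWN_CHALLENGES, {"dns-01"}))  # True: required failed
```

The validation step rejects a policy that names unknown or inconsistent challenge types instead of ignoring the bad fields; with a mechanism like this, a parse failure should not silently degrade to today's one-challenge rule, since that would let a mistyped record undo the protection the domain owner intended.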