>> There’s a lot of mixing of example.org<http://example.org> and >> example.com<http://example.com> here, in ways I’m having trouble making >> sense of. I just wanted to confirm those were typos, since we have recently >> seen some confusion around this space.
> I followed the patterns used in RFC8555 which consistently uses example.com > as the ACME server base domain and example.org as the client certificate > identifier base domain, but yes Ryan I did find this a source of confusion > too when reading ACME. > > For clarity, I replaced all example.com with acmeserver.com, and left all the > client identifiers as example.org. https://tools.ietf.org/html/draft-friel-acme-subdomains-02 and https://github.com/upros/acme-subdomains/blob/master/draft-friel-acme-subdomains.md don’t seem to follow RFC 8555’s convention at all, which could be the confusion. Trampling on another arbitrary domain name – acmeserver.com – is worse; unless you can think of an additional domain name to reserve with an update to RFC 6761 Special-Use Domain Names. Stick with the RFC 8555 ACME convention. Maybe tweak it to be, say, site.example.org and ca.example.com if that is clearer. Plus a sentence stating the convention used would help. -- James Manger
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
