On Fri, Sep 11, 2020 at 9:28 AM Philipp Junghannß <[email protected]> wrote:
> problem is obviously also the CA/Browser Forum has certain requirements, > and I guess having access to some kind of direct verification at the time > of issue might be probably one of these. > This is the correct answer. While the IETF can certainly explore developing voluntary standards for other methods, the ability for CAs to adopt these methods is limited by CAs customers: the browsers and operating systems that include and use CAs to validate domain names on their behalf. The explicit goal by several browser/OS vendors is to obtain a fresh proof of control over a domain, and reduce/eliminate any caching or reuse. Delegation (by keys or persistent records) is definitely an area of expressed concern. I think the suggest of more uniform APIs for managing DNS is very much in line with those goals, and would help far more than ACME.
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
