You don't say if you support adoption or not. Is this something the WG should on? Once adopted, the WG can change it.
Seo Suchan <tjtn...@gmail.com> wrote:
> I think it'd better to not limit challenge type to dns-01, but to any
> challenge type that CA is be allowed to issue wildcard cert from it. there
> may be add another challenge type (like using rfc8823's mail challange to
CAA
> iodef or whois mail?) or DNS challenge may needed to amend to dns-02 in
> future.
I think that should new challenge types come along, that those new challenges
will either Update this document, will detail some new consideration, or will
detail why a subdomain challenge can't apply.
Security reviewers do not like it when they inputs to some protocols can be
anything. Narrow scopes are easy to widen with later documents. The
opposite is not the case.
--
Michael Richardson <mcr+i...@sandelman.ca> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
_______________________________________________ Acme mailing list Acme@ietf.org https://www.ietf.org/mailman/listinfo/acme
