You don't say if you support adoption or not. Is this something the WG should on? Once adopted, the WG can change it.
Seo Suchan <tjtn...@gmail.com> wrote: > I think it'd better to not limit challenge type to dns-01, but to any > challenge type that CA is be allowed to issue wildcard cert from it. there > may be add another challenge type (like using rfc8823's mail challange to CAA > iodef or whois mail?) or DNS challenge may needed to amend to dns-02 in > future. I think that should new challenge types come along, that those new challenges will either Update this document, will detail some new consideration, or will detail why a subdomain challenge can't apply. Security reviewers do not like it when they inputs to some protocols can be anything. Narrow scopes are easy to widen with later documents. The opposite is not the case. -- Michael Richardson <mcr+i...@sandelman.ca> . o O ( IPv6 IøT consulting ) Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
_______________________________________________ Acme mailing list Acme@ietf.org https://www.ietf.org/mailman/listinfo/acme