Hi,

I will be integrating this challenge type in a fairly popular ACME UI.
From the perspective of an ACME client developer (and a regular LE
forum contributor):

The challenge name won't matter much except for conversational clarity;
clients/docs will still need to explain what it is anyway. My preference
is for dns-account-01 because it's specifically ACME account related.

Regarding label format - for automated updates to the same DNS zone the
user will be largely oblivious except when they are setting up a
permanent CNAME to delegate validation elsewhere. Having it on the left
does open up the possibility of NS delegation to a validation zone, but
it would be one domain to one zone so I can't see that being terribly useful.

If the label computation also took into account the full domain within
the hash then you could theoretically delegate to another zone to have
automated validation for many domains from a single dedicated zone, but
I assume it's too late for that.

From an implementation point of view, some DNS clients will have
hard-coded values they now need to make variable either way, and if the
label format is a subdomain of _acme-challenge then some will need work
to re-think how they split labels. If there is some standards compliance
that's better enabled by using left-right, then just use that.

Christopher Cook
https://certifytheweb.com
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme