Internet-Draft draft-ietf-acme-dns-persist-00.txt is now available. It is a
work item of the Automated Certificate Management Environment (ACME) WG of the
IETF.
Title: Automated Certificate Management Environment (ACME) Challenge for
Persistent DNS TXT Record Validation
Authors: Shiloh Heurich
Henry Birge-Lee
Michael Slaughter
Name: draft-ietf-acme-dns-persist-00.txt
Pages: 27
Dates: 2025-11-03
Abstract:
This document specifies "dns-persist-01", a new validation method for
the Automated Certificate Management Environment (ACME) protocol.
This method allows a Certification Authority (CA) to verify control
over a domain by confirming the presence of a persistent DNS TXT
record containing CA and account identification information. This
method is particularly suited for environments where traditional
challenge methods are impractical, such as IoT deployments, multi-
tenant platforms, and scenarios requiring batch certificate
operations. The validation method is designed with a strong focus on
security and robustness, incorporating widely adopted industry best
practices for persistent domain control validation. This design aims
to make it suitable for Certification Authorities operating under
various policy environments, including those that align with the CA/
Browser Forum Baseline Requirements.
The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-acme-dns-persist/
There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-acme-dns-persist-00.html
Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts
_______________________________________________
Acme mailing list -- [email protected]
To unsubscribe send an email to [email protected]
