Now that I'm more familiar with the method 9 and 10 domain validation methods and have heard a few side discussions about the topic, it's made me (and others) wonder if the ACME TLS-SNI-01 challenge is compliant with BR Method 10.
The BRs say:

3.2.2.4.10. TLS Using a Random Number
Confirming the Applicant's control over the FQDN by confirming the presence of a Random Value within a Certificate on the Authorization Domain Name which is accessible by the CA via TLS over an Authorized Port.

But it's my understanding that the CA validates the presence of the random number on "random.acme.invalid" and not on the ADN specifically. Is the validation done by confirming the presence of a random number within the certificate on the ADN, or some other location? I'm probably misreading the ACME spec, but it sure seems like the validation is not being done on the ADN.

Doug

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
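To make the question concrete, here is an added example (not part of Doug's post, nor any CA's or ACME client's code) that derives the TLS-SNI-01 validation name the way the ACME drafts specify it (lowercase hex SHA-256 of the key authorization, split into two 32-character labels under .acme.invalid) and simulates the CA-side check against a constructed per-SNI certificate table. The token, thumbprint and hostnames are constructed sample values.

```python
import hashlib

ACME_INVALID_SUFFIX = ".acme.invalid"


def key_authorization(token: str, jwk_thumbprint_b64url: str) -> str:
    """ACME key authorization: token '.' base64url(JWK thumbprint)."""
    return f"{token}.{jwk_thumbprint_b64url}"


def tls_sni_01_san(key_authz: str) -> str:
    """Name the client must place in its validation certificate's SAN:
    Z = hex(SHA-256(key authorization)); Z[0:32] '.' Z[32:64] '.acme.invalid'."""
    z = hashlib.sha256(key_authz.encode("ascii")).hexdigest()
    return f"{z[:32]}.{z[32:]}{ACME_INVALID_SUFFIX}"


def ca_validates(served_sans, key_authz: str) -> bool:
    """CA-side check: the served certificate must carry the derived SAN.
    Note the ADN itself is never part of this comparison."""
    expected = tls_sni_01_san(key_authz)
    return expected in {name.lower() for name in served_sans}


def simulate(adn: str, sni_table: dict, key_authz: str) -> dict:
    """Model a server that selects its certificate by SNI (constructed table).
    The CA connects to the ADN's address but sends the .acme.invalid name as SNI;
    an unknown SNI falls back to the ADN's default certificate."""
    sni = tls_sni_01_san(key_authz)
    served = sni_table.get(sni, sni_table.get(adn, []))
    return {
        "connect_to": adn,
        "sni_sent": sni,
        "served_sans": served,
        "adn_in_served_cert": adn in served,
        "valid": ca_validates(served, key_authz),
    }


# Constructed sample challenge values (not real ACME data).
SAMPLE_TOKEN = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"
SAMPLE_THUMBPRINT = "9jg46WB3rR_AHD-EBXdN7cBkH1WOu0tA3M9fm21mqTI"
SAMPLE_KEY_AUTHZ = key_authorization(SAMPLE_TOKEN, SAMPLE_THUMBPRINT)

if __name__ == "__main__":
    table = {"example.com": ["example.com", "www.example.com"],
             tls_sni_01_san(SAMPLE_KEY_AUTHZ): [tls_sni_01_san(SAMPLE_KEY_AUTHZ)]}
    print(simulate("example.com", table, SAMPLE_KEY_AUTHZ))
```

Running it shows `valid` True while `adn_in_served_cert` is False, which is exactly the gap the post asks about: the random value is confirmed in a certificate served for a name under .acme.invalid, reached by connecting to the ADN.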