On Fri, 30 May 2025, Paul Wouters wrote:
>> and if you're going to do that, you know where to find ACME.
>
> Indeed, but is a cron job really a method to confirm continued
> acceptance of a service? It requires credentials to make a DNS
> change and in a way only weakens the security model. (just like ACME
> using DNS-01 doesn't add anything to just publishing TLSA records in
> the DNS)

Well, it does show that someone or something is awake enough to run the
cron job while I know from personal experience that TLSA records can go
stale for quite a while. But we're all waving our hands here.

R's,
John
_______________________________________________
DNSOP mailing list