Greetings again. draft-ietf-dnsop-domain-verification-techniques-11 talks about ACME a bit, but has not been updated to cover a new proposal in the ACME WG, draft-ietf-acme-dns-persist-00. I normally wouldn't expect such a reference to a -00 draft from another WG, except that in this case the new protocol is already seeing adoption. For example, Let's Encrypt posted this today: https://letsencrypt.org/2026/02/18/dns-persist-01.html
draft-ietf-acme-dns-persist is relevant to draft-ietf-dnsop-domain-verification-techniques for two significant reasons. First, it models a new method of domain control validation that can reduce the attack surface for a domain name. Second, it fixes the wildcard problem discussed in Section 5 of draft-ietf-dnsop-domain-verification-techniques. It would be grand if the -12 version covered this new ACME work, even if that new ACME work is not yet finished. --Paul Hoffman _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
