It appears that Michael Thomas <[email protected]> said: >> But first, I hope we are all aware that the vast majority of https >> certificates >> are signed automatically using ACME. How does ACME validate the domain names >> it >> signs? > >This doesn't make any sense.
ACME certs are validated using ordinary non-DNSSEC DNS lookups. For identifying the far end, there is no difference between using a cert and looking up the name in the DNS, since the cert is just a roundabout way of doing the same DNS lookup. But this is getting rather far away from the charter discussion where I see no interest whatsoever in changing the way DKIM keys are looked up in the DNS. R's, John _______________________________________________ Ietf-dkim mailing list -- [email protected] To unsubscribe send an email to [email protected]
