Mads, I can speak to the first points about 3.2.2.4.10:
Yes, "TLS Using a Random Number" is intended to permit the TLS-SNI method from the ACME specification. You're right that it's missing the clause "on the Authorization Domain Name" as appears in the other methods; it should be added.

I updated the graphical diff from earlier in this thread:
https://github.com/cabforum/documents/compare/Ballot-169...jcjones:Ballot-169?expand=1

Cheers,
J.C.

On Thu, May 12, 2016 at 5:01 PM, Mads Egil Henriksveen <[email protected]> wrote:

> Hi Jeremy
>
> I think this proposal clarifies the approved domain validation methods and describes how to implement most of the methods.
>
> However, the method described in 3.2.2.4.10 TLS Using a Random Number is incomplete according to my understanding. Compared to the other methods, this method does not describe how to ensure that the actual FQDN is controlled by the applicant. I do not find any link between the FQDN and the Certificate and/or TLS connection used to verify the Applicant’s control (i.e. similar to the Authorization Domain Name acting as a link for some of the other methods). And is the *TLS with Server Name Indication* validation method as defined in the ACME specification meant to be covered by this method?
>
> [snip]
