On 09.02.2016 14:53, Michael Wyraz wrote:
> Hello Jonas,
>>
>>> IMO a better way to support your scenario as well as those I
>>> described above would be to check for an SRV-Record before
>>> checking A-Records. This would be 100% compatible
Hello everyone,
we are discussing whether it is technically legal to validate the DNS
challenge TXT record when the validation domain is delegated away from the
domain to a different zone.
Scenario: a certificate request for domain = "foo.bar.com", which would
have fqdn =
On 21.01.2016 15:13, Salz, Rich wrote:
>
>> I am not at all familiar with the processes in an IETF WG. What
>> is the way forward to get my proposal either into the protocol or
>> officially dismissed?
>
> This is the way it works. :) People
Hello Michael,
(re-sent to include the list, sorry for the noise, Michael)
On 09.02.2016 11:52, Michael Wyraz wrote:
> thank you for the proposal. I think addressing such setups is a
> good idea.
Thank you for your feedback!
> The solution you
Hello Jonas,
>
> > IMO a better way to support your scenario as well as those I
> > described above would be to check for an SRV-Record before checking
> > A-Records. This would be 100% compatible with existing acme http-01
> > clients. In your case you would resolve the SRV record to the
> >
On Tue, Feb 9, 2016 at 12:29 PM, Jan Broer wrote:
> Hello everyone,
>
> we are discussing whether it is technically legal to validate the DNS
> challenge TXT record when the validation domain is delegated away from the
> domain to a different zone.
>
> So, I find the phrase
Hi Jonas,
> So if I understand this correctly, the ACME client would have to set
> (or modify) the SRV records in such a way that the host which is
> currently running the client is the one with the highest priority?
> This sounds like you could just use the DNS challenge, right?
>
> And it is a