Re: [Acme] ACME subdomains

2020-09-02 Thread Manger, James
>> There’s a lot of mixing of example.org and >> example.com here, in ways I’m having trouble making >> sense of. I just wanted to confirm those were typos, since we have recently >> seen some confusion around this space. > I followed the patterns used

Re: [Acme] ACME subdomains

2020-09-02 Thread Owen Friel (ofriel)
I followed the patterns used in RFC8555 which consistently uses example.com as the ACME server base domain and example.org as the client certificate identifier base domain, but yes Ryan I did find this a source of confusion too when reading ACME. For clarity, I replaced all example.com with

Re: [Acme] ACME subdomains

2020-09-02 Thread Ryan Sleevi
There’s a lot of mixing of example.org and example.com here, in ways I’m having trouble making sense of. I just wanted to confirm those were typos, since we have recently seen some confusion around this space. ___ Acme mailing list Acme@ietf.org

Re: [Acme] Review of draft-friel-acme-subdomains-02

2020-09-02 Thread Owen Friel (ofriel)
Thanks Russ. I've addressed all these in github at: https://github.com/upros/acme-subdomains/blob/master/draft-friel-acme-subdomains.md. I have not pushed out draft-03 yet, lets see what Jacob and Felipe have to say on the related thread about challenge options, and I will incorporate then.

Re: [Acme] ACME subdomains

2020-09-02 Thread Owen Friel (ofriel)
Thanks Felipe, Jacob, we had not really considered the use case where the server would offer challenges for both foo.bar.example.org and example.org and the client could choose which to fulfil. We assumed (maybe naively) that the server would