I'm probably not understanding a key piece of technical info about the
protocol, but when I see this statement it makes me think it has similar issues
to tls-sni-01. If we're relying on the hosting provider enforcing certain
constraints like this, then we're delegating a critical piece of
February 23, 2018 9:43 AM
> To: Doug Beattie <doug.beat...@globalsign.com>; 'Roland Bracewell
> Shoemaker' <rol...@letsencrypt.org>; 'Rich Salz' <rs...@akamai.com>
> Cc: 'IETF ACME' <acme@ietf.org>; 'Martin Thomson'
> <martin.thom...@gmail.com>
&g
in for it also.
Doug
> -Original Message-
> From: Sebastian Nielsen [mailto:sebast...@sebbe.eu]
> Sent: Friday, February 23, 2018 9:48 AM
> To: Doug Beattie <doug.beat...@globalsign.com>; 'Roland Bracewell
> Shoemaker' <rol...@letsencrypt.org>; 'Rich Salz' <rs..
the mitigations, which is
good – we need TLS based method.
From: Ryan Sleevi [mailto:ryan-i...@sleevi.com]
Sent: Monday, February 26, 2018 4:09 PM
To: Doug Beattie <doug.beat...@globalsign.com>
Cc: c...@letsencrypt.org; IETF ACME <acme@ietf.org>
Subject: Re: [Acme] ALPN based T
I would find it a bit surprising if the CABF adopted a domain validation method
that relied on the web hosting provider claiming to do the right thing (to
separate users on shared IP addresses so they cannot request certs from the
other customers on that IP address).
Has anyone discussed this