Hi Amir, On Wed, 18 Sep 2024 15:48:38 +0000 Amir Omidi via Servercert-wg <[email protected]> wrote:
> There are two CAs (Let's Encrypt and Google Trust Services) with > DNS-ACCOUNT-01 ( > https://datatracker.ietf.org/doc/draft-ietf-acme-scoped-dns-challenges/) > mostly ready to go. This draft is designed to solve the CNAME > delegation problem. It doesn't obviate the need to run an acme-dns server (or similar) but DNS-ACCOUNT-01 would indeed be a great help. Note that RFC9444 (subdomain auth) support is also needed as otherwise the subscriber has to add delegations for every hostname instead of just one per zone. Do you know what the state of CA adoption is there? In any case, I'll give this I-D a more thorough look and provide feedback in the ACME WG. Regards, Andrew _______________________________________________ Servercert-wg mailing list [email protected] https://lists.cabforum.org/mailman/listinfo/servercert-wg
