I do not know much about the state of subdomain auth deployment in the CA ecosystem unfortunately.
On Wed, Sep 18, 2024 at 2:09 PM Andrew Ayer <[email protected]> wrote: > Hi Amir, > > On Wed, 18 Sep 2024 15:48:38 +0000 > Amir Omidi via Servercert-wg <[email protected]> wrote: > > > There are two CAs (Let's Encrypt and Google Trust Services) with > > DNS-ACCOUNT-01 ( > > https://datatracker.ietf.org/doc/draft-ietf-acme-scoped-dns-challenges/) > > mostly ready to go. This draft is designed to solve the CNAME > > delegation problem. > > It doesn't obviate the need to run an acme-dns server (or similar) but > DNS-ACCOUNT-01 would indeed be a great help. Note that RFC9444 > (subdomain auth) support is also needed as otherwise the subscriber > has to add delegations for every hostname instead of just one per zone. > Do you know what the state of CA adoption is there? > > In any case, I'll give this I-D a more thorough look and provide > feedback in the ACME WG. > > Regards, > Andrew >
_______________________________________________ Servercert-wg mailing list [email protected] https://lists.cabforum.org/mailman/listinfo/servercert-wg
