[Servercert-wg] Discussion Period Begins - Ballot SC-080 V1: "Sunsetting use of WHOIS to identify Domain Contacts"
Andrew Ayer
agwa at andrewayer.name
Wed Sep 18 18:09:41 UTC 2024
Hi Amir,
On Wed, 18 Sep 2024 15:48:38 +0000
Amir Omidi via Servercert-wg <servercert-wg at cabforum.org> wrote:
> There are two CAs (Let's Encrypt and Google Trust Services) with
> DNS-ACCOUNT-01 (
> https://datatracker.ietf.org/doc/draft-ietf-acme-scoped-dns-challenges/)
> mostly ready to go. This draft is designed to solve the CNAME
> delegation problem.
It doesn't obviate the need to run an acme-dns server (or similar) but
DNS-ACCOUNT-01 would indeed be a great help. Note that RFC9444
(subdomain auth) support is also needed as otherwise the subscriber
has to add delegations for every hostname instead of just one per zone.
Do you know what the state of CA adoption is there?
In any case, I'll give this I-D a more thorough look and provide
feedback in the ACME WG.
Regards,
Andrew
More information about the Servercert-wg
mailing list