[Servercert-wg] Discussion Period Begins - Ballot SC-080 V1: "Sunsetting use of WHOIS to identify Domain Contacts"
Amir Omidi
amir at aaomidi.com
Wed Sep 18 19:10:58 UTC 2024
I do not know much about the state of subdomain auth deployment in the CA
ecosystem unfortunately.
On Wed, Sep 18, 2024 at 2:09 PM Andrew Ayer <agwa at andrewayer.name> wrote:
> Hi Amir,
>
> On Wed, 18 Sep 2024 15:48:38 +0000
> Amir Omidi via Servercert-wg <servercert-wg at cabforum.org> wrote:
>
> > There are two CAs (Let's Encrypt and Google Trust Services) with
> > DNS-ACCOUNT-01 (
> > https://datatracker.ietf.org/doc/draft-ietf-acme-scoped-dns-challenges/)
> > mostly ready to go. This draft is designed to solve the CNAME
> > delegation problem.
>
> It doesn't obviate the need to run an acme-dns server (or similar) but
> DNS-ACCOUNT-01 would indeed be a great help. Note that RFC9444
> (subdomain auth) support is also needed as otherwise the subscriber
> has to add delegations for every hostname instead of just one per zone.
> Do you know what the state of CA adoption is there?
>
> In any case, I'll give this I-D a more thorough look and provide
> feedback in the ACME WG.
>
> Regards,
> Andrew
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20240918/0777e0bc/attachment.html>
More information about the Servercert-wg
mailing list