[cabf_validation] ACME and domain prefixes

Eric Mill eric at konklone.com
Thu Jan 14 12:24:09 MST 2016


The meatiest posts to that thread are my original proposal:
https://mailarchive.ietf.org/arch/msg/acme/QlY1VfWjwIGy-tpz5xjxPEYiBBo

Andrew Ayer's rebuttal:
https://mailarchive.ietf.org/arch/msg/acme/b43_VUIsnei_2N4ocu3KBvxKelo

And the subsequent discussion that suggests maybe even 2 DNS challenges
might be necessary:
https://mailarchive.ietf.org/arch/msg/acme/UavsmdFCdzvrBtNdRhx97aUuKKU

The conversation seems to have stalled, in part I think because letting a
standard CNAME, like the kind users have already set for large shared
services, are still likely not practicable, because of how many TXT records
a central provider would have to set for one domain, probably one for each
customer.

-- Eric

On Thu, Jan 14, 2016 at 1:53 PM, Rick Andrews <Rick_Andrews at symantec.com>
wrote:

> Gang,
>
> On the Validation WG call today, Peter mentioned ACME’s idea of prefixing
> the FQDN (as opposed to whittling it down as the Authorization Domain
> Name). I found the thread in which this was recently discussed, just before
> the holidays. In case you’re interested:
>
>
> *https://mailarchive.ietf.org/arch/search/?qdr=a&start_date=&end_date=&email_list=&q=subject%3A%28DNS+Challenge+spec%29&as=1*
> <https://mailarchive.ietf.org/arch/search/?qdr=a&start_date=&end_date=&email_list=&q=subject%3A%28DNS+Challenge+spec%29&as=1>
>
> -Rick
>
>
> _______________________________________________
> Validation mailing list
> Validation at cabforum.org
> https://cabforum.org/mailman/listinfo/validation
>
>


-- 
konklone.com | @konklone <https://twitter.com/konklone>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/validation/attachments/20160114/919c6a03/attachment.html 


More information about the Validation mailing list