Hello Jonas, thank you for the proposal. I think addressing such setups is a good idea.
The solution you propose works only if DNS round robin is used (i.e. all the real server IPs in A or AAAA). But there are similar setups where the redundant servers are behind some load balancer where a completely different IP is used. Another widely used scenario is geo-based DNS. In this case, the ACME server would only see its "nearest" IP address.

IMO a better way to support your scenario as well as those I described above would be to check for an SRV record before checking A records. This would be 100% compatible with existing ACME http-01 clients.

In your case you would resolve the SRV record to the machine that has the ACME client running on it. The ACME server would check for the SRV record for an address to look up the challenge's response at. If no SRV record is specified, it would continue with A and AAAA records.

Kind regards,
Michael.

> On 21.01.2016 15:13, Salz, Rich wrote:
>
> >> I am not at all familiar with the processes in an IETF WG. What
> >> is the way forward to get my proposal either into the protocol or
> >> officially dismissed?
>
> > This is the way it works. :) People post to the mailing list and
> > there's discussion. At some point, the chairs will see if there is
> > consensus to do it.
>
> > So things are working as designed. It's informal and a bit messy.
>
> > What might help focus discussion is if you made a pull request with
> > your specific wording changes.
>
> I gave it a shot: https://github.com/ietf-wg-acme/acme/pull/82
>
> I will appreciate any feedback on that proposal.
>
> best regards,
> jwi
>
> _______________________________________________
> Acme mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/acme
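The lookup order proposed in the message above (SRV first, then A/AAAA), as an added example that is not part of the original thread or of any ACME draft. Assumptions: the SRV owner label `_acme-http._tcp`, the function names, the constructed zone data, ignoring the SRV port, ordering by priority then weight, and falling back when no SRV target resolves.

```python
# Constructed zone data for illustration; the SRV owner label is hypothetical,
# since the message does not name one.
SRV_LABEL = "_acme-http._tcp."
ZONE = {
    ("_acme-http._tcp.shop.example", "SRV"): [
        # (priority, weight, port, target)
        (20, 0, 80, "backup.example."),
        (10, 5, 80, "acme-client.example."),
    ],
    ("acme-client.example", "A"): ["192.0.2.10"],
    ("backup.example", "A"): ["192.0.2.20"],
    # Load balancer / geo-DNS addresses: not where the ACME client runs.
    ("shop.example", "A"): ["198.51.100.1", "198.51.100.2"],
    ("plain.example", "A"): ["203.0.113.5"],
    ("plain.example", "AAAA"): ["2001:db8::5"],
}

def lookup(name, rtype):
    """Stand-in for a DNS query against the constructed zone."""
    return ZONE.get((name.rstrip(".").lower(), rtype), [])

def addresses(host):
    return lookup(host, "A") + lookup(host, "AAAA")

def validation_targets(domain):
    """Ordered [(host, [addresses])] a server would contact for http-01."""
    srv = lookup(SRV_LABEL + domain, "SRV")
    targets = []
    # Lowest priority value first; higher weight first within a priority
    # (deterministic simplification of RFC 2782 weighted selection).
    for _prio, _weight, _port, target in sorted(srv, key=lambda r: (r[0], -r[1])):
        host = target.rstrip(".")
        addrs = addresses(host)
        # Assumption: the SRV port is ignored so validation stays on port 80.
        if host and addrs:
            targets.append((host, addrs))
    if targets:
        return targets
    # No usable SRV record: continue with A and AAAA of the domain itself.
    return [(domain, addresses(domain))]

def challenge_url(domain, token):
    """URL and Host header still name the validated domain (assumption);
    only the address the server connects to changes."""
    return f"http://{domain}/.well-known/acme-challenge/{token}"

if __name__ == "__main__":
    for d in ("shop.example", "plain.example"):
        print(d, validation_targets(d), challenge_url(d, "TOKEN"))
```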
