On Mon, Jun 27, 2016 at 10:14:20PM +0200, Raphaël Gertz wrote:
> Hi,
>
> (This is a repost to the mailing list as requested by Jacob Hoffman-Andrews)
>
> I am working on a letsencrypt client and read your draft.
>
> I am thinking that there is (maybe) an incoherence and complication in the
> DNS challenge.
>
> If I understood correctly your draft, dns record MUST be like this:
> _acme-challenge.example.com. IN TXT digest(token.thumbprint)
>
> The small problem is with a rsa key of 4096 length, the digest has a length
> of 684 in my case.
>
> The complication is that popular dns server and provider don't accept
> txtdata of more than 255 characters.
Huh, the way I read it, the TXT payload is the base64url encoding of the SHA-256 digest, which always has a length of 43 characters (since SHA-256 outputs 32 bytes), which is well under 255 bytes.

-Ilari

_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
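As an added illustration of Ilari's point (example code, not from the thread or from any ACME client), the following computes the DNS-01 record value the way the draft specifies: the key authorization is `token "." thumbprint`, where the thumbprint is the RFC 7638 JWK thumbprint of the account key, and the TXT value is base64url(SHA-256(keyAuthorization)) with padding stripped. Because the hash is 32 bytes, the record value is always 43 characters regardless of key size. The sample 4096-bit modulus and the token are constructed placeholders, not a real key. For comparison, the block also shows that standard base64 of a 512-byte (4096-bit) value is exactly 684 characters, the length reported in the question, which is what one gets by encoding the modulus or a signature rather than the digest.

```python
import base64
import hashlib
import json


def b64url(data: bytes) -> str:
    """base64url without '=' padding, as JOSE and ACME require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over the canonical JSON of the key's
    required members (lexicographically ordered, no whitespace), base64url."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps(
        {k: jwk[k] for k in required}, sort_keys=True, separators=(",", ":")
    )
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, jwk: dict) -> str:
    """Key authorization string: the challenge token joined to the thumbprint."""
    return f"{token}.{jwk_thumbprint(jwk)}"


def dns01_txt_value(token: str, jwk: dict) -> str:
    """TXT record value: base64url(SHA-256(keyAuthorization))."""
    digest = hashlib.sha256(key_authorization(token, jwk).encode("ascii")).digest()
    return b64url(digest)


def fits_single_txt_string(value: str) -> bool:
    """A single <character-string> in a TXT RDATA holds at most 255 bytes."""
    return len(value.encode("ascii")) <= 255


# Constructed sample: 512 arbitrary bytes standing in for a 4096-bit RSA modulus.
# This is NOT a real key; it only has the right size.
SAMPLE_MODULUS = bytes(((i * 7) + 3) & 0xFF for i in range(512))
SAMPLE_JWK = {
    "kty": "RSA",
    "n": b64url(SAMPLE_MODULUS),
    "e": b64url(b"\x01\x00\x01"),  # 65537
}
SAMPLE_TOKEN = "constructed-token-Abc123-xyz"  # constructed, not an ACME-issued token

# Standard (padded) base64 of the 512-byte modulus: 684 characters, the length
# quoted in the question, which is not what goes into the TXT record.
PADDED_MODULUS_B64 = base64.b64encode(SAMPLE_MODULUS).decode("ascii")


if __name__ == "__main__":
    value = dns01_txt_value(SAMPLE_TOKEN, SAMPLE_JWK)
    print(f'_acme-challenge.example.com. IN TXT "{value}"')
    print(f"record value length: {len(value)}")
    print(f"padded base64 of the modulus: {len(PADDED_MODULUS_B64)} characters")
```

The record value and the thumbprint are both 43 characters because each is an unpadded base64url encoding of 32 bytes; only a client that encodes the key material or a signature instead of the digest would produce a value over 255 bytes.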
