Yes and if you avoid the random token in the primary location,
you can use the public account key announced in the dns also as static
prove.
On 1/23/2018 5:37 PM, Tim Hollebeek wrote:
Your proposed method defeats one of the goals of the BR domain control
validation requirements, which is to demonstrate control at time of validation,
not just as some previous time in the past. That's why the existing, approved
validation methods require random numbers to guarantee the validation is
fresh and not based on some previous validation.
If control at some time in the past is sufficient, you can just re-use the
previous
validation, which is allowed in some circumstances (see the BRs).
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
