Hi Antonios, On 9/9/22 10:57, Antonios Chariton wrote:
Although ACME is a protocol that can be used by any CA, and is not necessarily tied to WebPKI, our proposal tried to be compatible with the existing Baseline Requirements for Certificate Issuance by the CA / Browser Forum. The method that we are using is 3.2.2.4.7 which requires the presence of a TXT record under a direct subdomain that starts with a "_". If we don't follow these requirements, although DNS-ACCOUNT-01 will be a valid ACME challenge, its adoption by Publicly Trusted CAs will not be possible until a new method is added to the BRs.
Understood! Thanks, Peter -- https://desec.io/ _______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
