Hi Mike,
I'm not looking to join the design team per se, but I'm interested in
trying out implementations for https://certifttheweb.com - we already
have multi-CA fallback in the client but no auto discovery.
- The "elephant in the room" from me is that the EAB issue seems like it
might be a significant sticking point for most internal and external CAs.
- In some cases it may be important for a client to know that a specific
ACME account is preferred for issuance (e.g. where rate limit increases
have been arranged); is this in scope for auto discovery? I see
https://www.rfc-editor.org/rfc/rfc8657 mentioned.
- From a quick read it looks like (and I assume) that clients are still
free to adopt their own priorities outside of the CAA priority
definitions (e.g. always issue this cert with this CA, or use any CA
except x because otherwise it would break the API for Android 7.x and
lower users who don't know the CA roots).
--
Christopher Cook
Webprofusion Pty Ltd
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme