On Wed, Mar 20, 2024 at 5:57 PM Amir Omidi <amir= 40aaomidi....@dmarc.ietf.org> wrote:
> I feel like splitting this challenge into three (and potentially more, as
> extra scopes may or may not be added into the future) might be a little too
> noisy.
>

Combined with my other proposals, we only wind up with two total challenge types: `dns-account-host-01` and `dns-account-wildcard-01`. I propose to get rid of domain scopes and the `dns-02` challenge type.

> What do you think about a `scope` field in the authorization resource the
> server sends creates/communicates with the client? Clients opting into
> dns02, or dns-account-01 will use this to know exactly what scope the
> server is expecting from them for their ACME order.
>

This works, and is closest to your intention with the current draft, where the server decides the appropriate scope and the client has to abide by it. I do think it will be more annoying to pull into the BRs, since they will have to have language that says "This challenge type may be used to issue for wildcard domains if the ACME server sent `"scope": "wildcard"`."
_______________________________________________
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme