Thank you Amir. This draft solves a problem that is hindering adoption of
ACME. I’ve reviewed it and am happy with the simplifications that place the
focus on solving that one specific problem.

In order for CAs to implement this new domain validation method, the CAB
Forum’s TLS Baseline Requirements need to be updated. Unless concerns are
posted in the next week or two that might result in material changes to the
current draft, I will start a CAB Forum ballot to add dns-account-01 as an
additional permitted validation method in the TLS Baseline Requirements.

Thanks,

Wayne

On Mon, Nov 18, 2024 at 9:50 AM Amir Omidi <amir=40aaomidi....@dmarc.ietf.org> wrote:

> Hi everyone,
>
> Based on the feedback received, we've published a new version of the
> DNS-ACCOUNT-01 draft (
> https://datatracker.ietf.org/doc/draft-ietf-acme-dns-account-label/).
> This version has been simplified by removing DNS-02 and the scoping
> mechanism, focusing purely on enabling multiple concurrent ACME clients to
> authorize the same domain.
>
> Key changes:
>
>    - Removed DNS-02 challenge type completely
>    - Removed the scoping mechanism (host/wildcard/domain)
>    - Simplified DNS record format
>    - More focused introduction on the core problem of enabling multiple
>    concurrent ACME clients
>    - Better explanation of use cases like multi-region deployments
>
>
> We welcome your feedback on these changes.
>
> Best regards,
> Amir Omidi
> _______________________________________________
> Acme mailing list -- acme@ietf.org
> To unsubscribe send an email to acme-le...@ietf.org
>