On Thu, Mar 26, 2026 at 01:04:11PM +0000, Salz, Rich wrote:
> The LAMPS WG is the place to start.
Sure but in addition to barriers due to LTS outdated software, there are
additional barriers that make it difficult for CAs to actually do the
sort of TOFU "domain validation" they do for web servers.
There'd need to be a whole bunch of new ACME challenge types that verify
control of the SMTP service (presumably on each of the MX hosts),
control of the domain's LDAP service (per the SRV records), ...
I don't see this happening. DANE is considerably simpler and is
available now.
--
Viktor. 🇺🇦 Слава Україні!
_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]
