Someone on the Let's Encrypt forum wanted to add an extension to this to limit validation to be from a specific IP.

https://community.letsencrypt.org/t/dns-persist-01-add-ability-to-filter-request-ip/246091

I personally think it'd be better as an extension of RFC 8657 than specific to dns-persist-01, but it's still an interesting proposal to discuss here.

On 26. 3. 24. 11:06, [email protected] wrote:
Internet-Draft draft-ietf-acme-dns-persist-01.txt is now available. It is a
work item of the Automated Certificate Management Environment (ACME) WG of the
IETF.

    Title:   Automated Certificate Management Environment (ACME) Challenge for Persistent DNS TXT Record Validation
    Authors: Shiloh Heurich
             Henry Birge-Lee
             Michael Slaughter
    Name:    draft-ietf-acme-dns-persist-01.txt
    Pages:   30
    Dates:   2026-03-23

Abstract:

    This document specifies "dns-persist-01", a new validation method for
    the Automated Certificate Management Environment (ACME) protocol.
    This method allows a Certification Authority (CA) to verify control
    over a domain by confirming the presence of a persistent DNS TXT
    record containing CA and account identification information.  This
    method is particularly suited for environments where traditional
    challenge methods are impractical, such as multi-tenant hosting
    platforms, enterprise DNS environments, and IoT deployments.  The
    validation method is designed with a strong focus on security and
    robustness, incorporating widely adopted industry best practices for
    persistent domain control validation.  This design aims to make it
    suitable for Certification Authorities operating under various policy
    environments, including those that align with the CA/Browser Forum
    Baseline Requirements.

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-acme-dns-persist/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-acme-dns-persist-01.html

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-acme-dns-persist-01

Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts


_______________________________________________
Acme mailing list -- [email protected]
To unsubscribe send an email to [email protected]
