accounturi in the 3.1 challenge object needs to be an array of strings, not a
single string, to be able to give any alternative URIs:
currently there is only one choice for the client.
To actually be able to hide the record we'd need something per domain name:
an HMAC that uses the account public key as shared key and the domain name as message?
On 26. 3. 24. 11:06, [email protected] wrote:
Internet-Draft draft-ietf-acme-dns-persist-01.txt is now available. It is a
work item of the Automated Certificate Management Environment (ACME) WG of the
IETF.
Title: Automated Certificate Management Environment (ACME) Challenge for
Persistent DNS TXT Record Validation
Authors: Shiloh Heurich
Henry Birge-Lee
Michael Slaughter
Name: draft-ietf-acme-dns-persist-01.txt
Pages: 30
Dates: 2026-03-23
Abstract:
This document specifies "dns-persist-01", a new validation method for
the Automated Certificate Management Environment (ACME) protocol.
This method allows a Certification Authority (CA) to verify control
over a domain by confirming the presence of a persistent DNS TXT
record containing CA and account identification information. This
method is particularly suited for environments where traditional
challenge methods are impractical, such as multi-tenant hosting
platforms, enterprise DNS environments, and IoT deployments. The
validation method is designed with a strong focus on security and
robustness, incorporating widely adopted industry best practices for
persistent domain control validation. This design aims to make it
suitable for Certification Authorities operating under various policy
environments, including those that align with the CA/Browser Forum
Baseline Requirements.
The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-acme-dns-persist/
There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-acme-dns-persist-01.html
A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-acme-dns-persist-01
Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts
_______________________________________________
Acme mailing list -- [email protected]
To unsubscribe send an email to [email protected]