As regards https://tools.ietf.org/html/draft-friel-acme-subdomains-02 ...
Is the idea that the client will, if requesting authz on sub.example.com,
*only* be able to do authz against the parent domain (example.com)?
It would seem advantageous—from the client’s perspective, anyway—to allow a
workflow where the client can do authz against one or the other. For longer
subdomains, e.g., foo.bar.example.com, likewise, ideally the domain itself or
either parent domain would work.
Was this considered and deemed infeasible?
Thank you!
-Felipe Gasper
_______________________________________________
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme