Dear Authors,
Thank you for your work on draft-ietf-acme-dns-persist
<https://datatracker.ietf.org/doc/html/draft-ietf-acme-dns-persist>; it is
great to see it moving toward becoming an RFC.
I am writing regarding the draft's scope, specifically concerning CA/BF
Ballot SC-091 ("DNS TXT Record with Persistent Value in the Reverse
Namespace"), which passed alongside SC-088. As you likely know, SC-091
applies the same "persistent value" technical mechanism to reverse IP zones
(.in-addr.arpa and .ip6.arpa).
We have a question: Should the current dns-persist-01 draft also define a
validation method satisfying SC-091's requirements? The current draft text
seems broad enough to cover both use cases. This would eliminate the need
for a separate, nearly duplicate IETF stream for the reverse namespace and
provide CAs and ACME clients with one canonical RFC for persistent DNS
validation across the entire DNS tree.
If you agree, Google Trust Services would gladly assist by reviewing
proposed text changes or drafting paragraphs to explicitly clarify the
inclusion of the reverse namespace.
Best regards,
Sergey Frolov • Google Trust Services
P.S. I had issues with the delivery of this message because it is my first
email to the tracker. Apologies in advance if you end up receiving copies
of it.