On Saturday, January 13, 2018 at 12:35:47 AM UTC-8, Hector Martin 'marcan' 
wrote:
> Would it make sense to effectively allow "self-service" whitelisting by
> using a DNS TXT record?

We discussed a similar approach (using CAA) on our community forum, and 
concluded we don't want to pursue it at this time: 
https://community.letsencrypt.org/t/tls-sni-via-caa/50172. The TXT record would 
probably work more widely than CAA, but it would still be encouraging further 
integration with TLS-SNI-01, when we really want to encourage migration away 
from it. Right now it's our feeling that the account and renewal whitelisting 
should mitigate most of the pain of migrating away, but experience and feedback 
from subscribers will help inform that over time.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
