> On 12 Nov 2015, at 4:06 AM, Daniel Kahn Gillmor
> wrote:
>
> On Fri 2015-11-06 14:03:35 -0500, Matthew Holt wrote:
>> I'd like to propose a change that allows clients of the ACME protocol to
>> obtain the URL to the CA's current Terms of Service (if any) without
>> re-registering or trying to
Currently, the DNS challenge uses a random token which changes every
time an authorization is performed.
This seems problematic, however. Changes to DNS can take time to
propagate, and changes to DNS may involve manual intervention. If an
authorization fails for any reason, the process has to be
On Fri 2015-11-06 14:03:35 -0500, Matthew Holt wrote:
> I'd like to propose a change that allows clients of the ACME protocol to
> obtain the URL to the CA's current Terms of Service (if any) without
> re-registering or trying to obtain a certificate and getting a failure
> response.
>
> This propo