Agree on both points.
From: Ryan Sleevi
Date: Thursday, 10 October 2019 at 18:16
To: Yaron Sheffer
Cc: Thomas Fossati , Ryan Sleevi
, "acme@ietf.org"
Subject: Re: [Acme] Fwd: New Version Notification for
draft-ietf-acme-star-delegation-01.txt
On Thu, Oct 10, 2019 at 5:22 AM Yaron
On Tue, Oct 08, 2019 at 10:07:12AM +, Thomas Fossati wrote:
> Hi Ben,
>
> On 05/10/2019, 02:07, "Benjamin Kaduk" wrote:
> > On Thu, Oct 03, 2019 at 05:33:49PM +, Thomas Fossati wrote: I'm
> > trying to think about the risk that a future use case for
> > "allow-certificate-get" might want
On Thu, Oct 10, 2019 at 5:22 AM Yaron Sheffer wrote:
> I am wondering though about this sentence: A CA can "also offer additional
> validation methods/issuance flows which also use the "dns-01" method."
> Doesn't specifying "dns-01" restrict the CA to one particular
> validation/authorization flo
Hi Ryan,
Apologies for the very late reply.
I accept your comments below, and we will reword this section as a
recommendation or best practice. The flexibility of CAA means that the solution
must be tailored to the particular CA(s) trusted by the IdO. This is
unfortunate in the sense that we