Alternative for allowing letsencrypt file auth connections for a geo-restricted server

My only comments on this thread:

  • LetsEncrypt/ISRG have made it clear that Multiple Perspective Domain Validation is important for security. It is not going away from the LetsEncrypt CA.

  • LetsEncrypt/ISRG and other members of the CA/B Forum are advocating for Multiple Perspective Validation to become a core component of the Baseline Requirements. It is increasingly being adopted by other CAs.

  • While LetsEncrypt/ISRG invented the ACME standard and the current validation methods, they only work due to being adopted into the CA/B Forum Baseline Requirements after being approved by their membership of Browser/OS Vendors and CAs. Not only would LetsEncrypt need to be convinced to support/implement such a feature – which they have made clear they have no interest in doing – such a feature would require the approval of all the major figures in the TLS ecosystem, who are all shifting towards requiring multiple perspective domain validation.

  • Requests such as this have been often made and repeatedly turned down for the same reasons. Nothing mentioned above is new or persuasive. I suggest reading the archives.

It would be useful, but there isn't much need that can't be solved by other strategies. Many, including myself, have suggested a dedicated ACME protocol - similar to TLS-ALPN-01 - running on a privileged port. A Certbot engineer maintains an experimental plugin that uses nfqueue to intercept traffic at the kernel level to get around HTTP issues (Using nfqueue on Linux as a novel, webserver-agnostic HTTP authenticator).

Any change will also result in lots of complaints on this forum, with people who implemented the anti-pattern drowning out the voices of others who need legitimate help.

As much as the ISRG staff encourage best-practices, they also make it clear they do not want Subscribers to "expect" anything more from them; and they do not want to maintain any new products/services that would create new expectations. This is something shared by all Open Source projects. Publicizing a list of IPs would mean people expect that list to work, to be current, to be maintained, and to offer notifications on change. While such a list would be useful to many people, it unnecessarily burdens the ISRG staff with additional things they are expected to support.
