Cloudflare's multipath check service

The actual DCV would not (and I believe cannot, according to the CAB requirements) rely on a check like this – multipoint validation would have to be performed by CA-controlled infrastructure. But I don’t see why a CA would be forbidden from using such a service as an (optional) check.

But yes, as you say: it does mean such a CA would have to accept the possibility of service unavailability and then decide how to handle that:

  • Issue the cert anyway if official validation succeeded, rendering the service mostly useless
  • Not issue the cert, and tolerate potentially more downtime

Both are not awesome, unfortunately. One possible way to improve the second option is to have multiple CDNs offer this service and then integrate with all of them, but that’s still not ideal.

Let’s Encrypt already performs validation checks in the staging environment using multiple vantage points: Validating challenges from multiple network vantage points
