I agree. Although the ACME production API URI is "just" a CNAME, the CloudFlare DNS infrastructure to which the CNAME is pointing does actually support DNSSEC. So, there really isn't any good reason IMO not to also start supporting DNSSEC on at least the ACME API URIs.
Cool to see! OCSP still uses the unsigned Akamai domains though.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.