As any FYI: due to a Boulder bug, authorizations created before March 13th that are still pending can still be validated using the TLS-SNI method. Our pending authorizations expire after 7 days, so we are going to let these authorization objects age out of the system. That means that between March 13th and March 20th we will still be doing a very small number of TLS-SNI validations, but it is not something that a client can specifically opt into.