Has anyone among LE staff ever thought about mentioning the challenge type in organizationalUnitName?
For me the main point is how much trust to put. During private beta, I obtained my first LE cert for the domain that I don’t even own. DVSNI challenge succeeded by having control over the server which is specified in DNS A-record.
It would be impossible to pass DNS TXT challenge, so it can be considered a security enhancement, and I wonder why this wasn’t a priority before public beta.