Plans to support RFC 8738

Hey, author of the RFC here. The main impetus for this extension was to widen the applicability of ACME to non-HTTPS based TLS systems that rely on the web PKI but may not use DNS names. One major example of this is DNS-over-TLS (DoT), but there are numerous other protocols where DNS names are not routinely used.

This document was also aimed at bringing ACME CAs up to parity with the capabilities of existing non-ACME CAs. Being able to standardize how the validation of IP addresses should be performed also allows us to push for further tightening of the CABF Baseline Requirements on validation techniques.

10 Likes

@roland

if you have a minute I'd appreciate your feedback on this. It should support both RFC 8737 and RFC 8738...

2 Likes

Cool! I’ll put it on my TODO list to check out, but I suspect the fact I’ve not seriously worked on C code in quite a while will impair my ability to provide much valuable feedback.

2 Likes
