I certainly agree it's an admirable goal and would be nice. I'm just pragmatically realizing that Let's Encrypt is a small operation and just can't do everything. It might be helpful if there were a group of people (maybe XMPP/Matrix/SIP server operators, I guess) working on a private PKI (and maybe not just for trying to secure the server end, but also for related client auth use cases), to battle-test what's involved in proper validation and creating these certificates for these use cases as well as in getting client software to recognize these SRV-ID names. If there are working solutions with a private PKI, then I think it's more likely that it could get integrated into the broader public Web PKI.