My actual idea is to let pubkeys be submitted as "identifiers" in the new-order request, alongside DNS names and IP addresses. That way there can also be challenges to prove you control the corresponding private key (e.g. sign a data structure containing a nonce, or just do a TLS handshake) which comes with several nice properties.
7 Likes