This is an attempt to continue a side discussion from another thread that had split off the main topic over here:
All sensitive ACME messages are already signed with the account key. Encrypting the token doesn’t add any additional proof other than your the same person who submitted the original order. But the attacker doesn’t need to impersonate your account. It can create it’s own brand new account and submit a new order. The whole point is that controlling the DNS namespace of the domain is all you need to prove you own it.
The proposed extensions to the CAA records that would allow you to pin a specific account key to a domain almost get you there and are probably the closest thing to what you’re looking for. I think it would solve the trust problems with the hypothetical CNAME-only provider we were originally talking about. Even if a malicious CNAME provider captured the account thumbprint used in previous TXT records, it couldn’t create a new order with the existing account because it doesn’t have the account key. It also couldn’t create an order with a new account because it wouldn’t match the CAA record.
But a malicious DNS provider that manages the whole zone could just as easily remove the CAA record long enough to generate an order and a cert before putting it back the way it was.