Re: [Acme] Issuing certificates based on Simple HTTP challenges

Ilari Liusvaara <ilariliusvaara@welho.com> Mon, 14 December 2015 17:44 UTC

Date: Mon, 14 Dec 2015 19:44:07 +0200
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: Julian Dropmann <julian@dropmann.org>
Message-ID: <20151214174407.GA23284@LK-Perkele-V2.elisa-laajakaista.fi>
References: <CAF+SmEpOLoaREymVhi=qOUg2opz1vKzzNp6tGrDTZAjYSKFDkg@mail.gmail.com> <3071e2d95eaf49acac00e91d3626ccfa@usma1ex-dag1mb1.msg.corp.akamai.com> <CAF+SmEo_s8svTgwvBPqqHyhKFKCt5e-3kSpZK2dUAqapzzORiw@mail.gmail.com> <1277d750730445858ebcbc2932117318@usma1ex-dag1mb1.msg.corp.akamai.com> <CAF+SmEowPeYNZ0o=AYKMj1SBcgRQiK4WqcKApm=MyKfLHKQNiw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <CAF+SmEowPeYNZ0o=AYKMj1SBcgRQiK4WqcKApm=MyKfLHKQNiw@mail.gmail.com>
User-Agent: Mutt/1.5.24 (2015-08-30)
Sender: ilariliusvaara@welho.com
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/DQc7ADkrhmLtgV4MKzn77xoNpxQ>
Cc: "Acme@ietf.org" <Acme@ietf.org>
Subject: Re: [Acme] Issuing certificates based on Simple HTTP challenges

On Mon, Dec 14, 2015 at 06:25:56PM +0100, Julian Dropmann wrote:
> 
> If there for example were a standard to make changes to your DNS
> zone/nameserver, this would be a much better approach to verify domain
> ownership automatically, so why not provide an automation for that first?
> But of course I also see the practical approach here...

Like DNS UPDATE? Standardized in 1997...

IIRC, there have been patches to the reference ACME client (I don't
think those have gotten merged) that implement the client side of
DNS UPDATE.

It actually depends on the use case which of DNS or HTTP is more convenient.


-Ilari
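As an added illustration of the DNS UPDATE client side mentioned above (this is example code written for this page, not the reference ACME client or any of the patches referred to), the block below builds RFC 2136 UPDATE messages that add and later remove the `_acme-challenge.<domain>` TXT record an ACME dns-01 validation looks for, using only the Python standard library. The zone name, the domain, the message ID and the key authorization string are constructed inputs; the TXT value is computed as the unpadded base64url SHA-256 digest of the key authorization, as the ACME dns-01 challenge specifies. Nothing is sent on the wire and no TSIG is attached, so `parse_update` is included only to check the bytes round-trip.

```python
import base64
import hashlib
import struct

# Wire constants from RFC 1035 and RFC 2136.
OPCODE_UPDATE = 5
TYPE_SOA, TYPE_TXT = 6, 16
CLASS_IN, CLASS_ANY = 1, 255


def encode_name(name):
    """Encode a dotted name as uncompressed DNS labels (RFC 1035 section 3.1)."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label: %r" % label)
        out.append(len(raw))
        out += raw
    out.append(0)
    return bytes(out)


def decode_name(msg, off):
    """Inverse of encode_name; compression pointers are rejected on purpose."""
    labels = []
    while True:
        n = msg[off]
        off += 1
        if n == 0:
            break
        if n >= 0xC0:
            raise ValueError("compression pointers not supported here")
        labels.append(msg[off:off + n].decode("ascii"))
        off += n
    return ".".join(labels), off


def dns01_txt_value(key_authorization):
    """TXT value for ACME dns-01: base64url(SHA-256(key authorization)), no padding."""
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def rr(name, rtype, rclass, ttl, rdata=b""):
    """One resource record in wire format: NAME TYPE CLASS TTL RDLENGTH RDATA."""
    return encode_name(name) + struct.pack("!HHIH", rtype, rclass, ttl, len(rdata)) + rdata


def txt_rdata(value):
    """TXT RDATA is one or more <character-string>s; one is enough for a digest."""
    raw = value.encode("ascii")
    if len(raw) > 255:
        raise ValueError("character-string too long")
    return bytes([len(raw)]) + raw


def build_update(zone, updates, msg_id=0x1234):
    """RFC 2136 UPDATE: header, zone section (SOA/IN), no prerequisites, update RRs."""
    header = struct.pack("!HHHHHH", msg_id, OPCODE_UPDATE << 11, 1, 0, len(updates), 0)
    zone_section = encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)
    return header + zone_section + b"".join(updates)


def acme_add_txt(zone, domain, key_authorization, ttl=60):
    """Publish the dns-01 TXT record under _acme-challenge.<domain> (constructed naming)."""
    name = "_acme-challenge." + domain
    record = rr(name, TYPE_TXT, CLASS_IN, ttl, txt_rdata(dns01_txt_value(key_authorization)))
    return build_update(zone, [record])


def acme_delete_txt(zone, domain):
    """Clean up after validation: CLASS=ANY, TTL=0, empty RDATA deletes the whole RRset."""
    return build_update(zone, [rr("_acme-challenge." + domain, TYPE_TXT, CLASS_ANY, 0)])


def parse_update(msg):
    """Decode header, zone and RR sections so the builder output can be checked."""
    msg_id, flags, zocount, prcount, upcount, _adcount = struct.unpack("!HHHHHH", msg[:12])
    if (flags >> 11) & 0xF != OPCODE_UPDATE:
        raise ValueError("not an UPDATE message")
    off = 12
    zone, off = decode_name(msg, off)
    ztype, _zclass = struct.unpack("!HH", msg[off:off + 4])
    off += 4
    if zocount != 1 or ztype != TYPE_SOA:
        raise ValueError("zone section must hold exactly one SOA entry")
    rrs = []
    for _ in range(prcount + upcount):  # prerequisite and update RRs share one format
        name, off = decode_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rrs.append((name, rtype, rclass, ttl, msg[off:off + rdlen]))
        off += rdlen
    return {"id": msg_id, "zone": zone, "prereqs": rrs[:prcount], "updates": rrs[prcount:]}


if __name__ == "__main__":
    # Constructed sample: a zone you control and a made-up key authorization.
    add = acme_add_txt("example.com", "example.com", "tokenX.thumbprintY")
    print(len(add), add.hex())
    print(parse_update(add))
```

Sending the message is a plain UDP or TCP exchange with the zone's primary, but an unauthenticated UPDATE lets anyone who can reach port 53 rewrite the zone, so a real client must sign it with TSIG (RFC 2845) or restrict it with the server's update policy, and should delete the record once the CA has validated it.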