Comment by flowerthoughts a day ago

This replaces an anonymous token with a LetsEncrypt account identifier in DNS. As long as accounts are not 1:1 to humans, that seems fine. But I hope they keep the other challenges.

I really would have felt better with a random token that was tied to the account, rather than the account number itself. The CA side can of course decide to implement it either way, but all examples are about the account ID.

mkj a day ago

That seems worth suggesting to the ACME working group mailing list, if it hasn't already been discussed there.

mcpherrinm 19 hours ago

I don't expect we'll ever remove the other validation methods, and certainly have no plans to do so.

There are pros and cons of various approaches.

unsnap_biceps 19 hours ago

Accounts are many to one email address. Each of my servers has an individual account attached to the same email address.