Saklad5
commented
1 year ago I'd say domain verification only proves that control of that exact RRset: any further interpretation is at the discretion of the provider.
Closed ShivanKaul closed 3 months ago
Saklad5
commented
1 year ago I'd say domain verification only proves that control of that exact RRset: any further interpretation is at the discretion of the provider.
enygren
commented
3 months ago https://datatracker.ietf.org/doc/html/draft-ietf-acme-dns-account-challenge-01 improves on this as well and we can reference it.
moonshiner
commented
3 months ago I believe it is now https://datatracker.ietf.org/doc/draft-ietf-acme-scoped-dns-challenges/
and it has an example ! yah
moonshiner
commented
3 months ago it is already referenced ACME-SCOPED-CHALLENGE in "Scope Indication" section
Scope of verification: Let's Encrypt - is only for the domain Google - everything under that domain?
Call this out explicitly in the draft.