Hacker News

flowerthoughts, today at 7:18 AM (3 replies)

This replaces an anonymous token with a Let's Encrypt account identifier in DNS. As long as accounts are not 1:1 to humans, that seems fine. But I hope they keep the other challenges.

I really would have felt better with a random token that was tied to the account, rather than the account number itself. The CA side can of course decide to implement it either way, but all examples are about the account ID.
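The two designs contrasted in the comment above, as an added example that is not part of the thread and not Let's Encrypt's or any ACME specification's code: the label format, the account URLs and the use of a truncated SHA-256 digest are assumptions made for illustration. The point it demonstrates is what an outsider who knows a public account URL can and cannot learn from a zone under each design.

```python
"""Added example: two ways a CA could scope a DNS validation record to an
ACME account. Assumed format throughout; not quoted from any spec."""
import base64
import hashlib
import secrets

# Constructed sample account URLs (not real accounts).
ACCOUNT_A = "https://acme.example/acme/acct/1234567"
ACCOUNT_B = "https://acme.example/acme/acct/7654321"

SUFFIX = "._acme-challenge"


def _b32(raw: bytes) -> str:
    """Lowercase, unpadded base32, which is safe to use as a DNS label."""
    return base64.b32encode(raw).decode("ascii").rstrip("=").lower()


def derived_label(account_url: str) -> str:
    """Design 1 (assumed format): the label is a function of the public
    account URL. Anyone who knows that URL can recompute the label and
    check a zone for it, so the label confirms the link to the account."""
    digest = hashlib.sha256(account_url.encode("utf-8")).digest()[:10]
    return "_" + _b32(digest) + SUFFIX


def random_token_label(store: dict, account_url: str) -> str:
    """Design 2: the CA mints a random per-account secret, remembers it
    server-side, and tells only the account holder which label to publish.
    Nothing in the label can be recomputed from the account URL."""
    if account_url not in store:
        store[account_url] = secrets.token_bytes(10)
    return "_" + _b32(store[account_url]) + SUFFIX


def observer_can_confirm(zone_labels: set, account_url: str) -> bool:
    """What an outsider who knows only a public account URL learns from DNS:
    True if the zone carries the label derivable from that URL."""
    return derived_label(account_url) in zone_labels


def shared_challenge_labels(zone_a: set, zone_b: set) -> set:
    """Challenge labels present in both zones. Under either design the label
    is stable per account, so two domains can be correlated to one account;
    design 2 only hides *which* account it is."""
    return {lbl for lbl in zone_a if lbl.endswith(SUFFIX) and lbl in zone_b}


if __name__ == "__main__":
    # Design 1: the public account URL is enough to confirm the linkage.
    zone_one = {derived_label(ACCOUNT_A), "www"}
    print("derived label:", derived_label(ACCOUNT_A))
    print("outsider confirms account A:", observer_can_confirm(zone_one, ACCOUNT_A))

    # Design 2: the same outsider cannot confirm anything from the URL alone.
    store = {}
    zone_two = {random_token_label(store, ACCOUNT_A)}
    print("random-token label:", random_token_label(store, ACCOUNT_A))
    print("outsider confirms account A:", observer_can_confirm(zone_two, ACCOUNT_A))

    # Both designs still let two zones be correlated to one account.
    zone_three = {random_token_label(store, ACCOUNT_A), "mail"}
    print("labels shared by two zones:", shared_challenge_labels(zone_two, zone_three))
```

The `store` dict stands in for the CA's account database; in a real CA the per-account token would be stored alongside the account record and rotated or revoked with it, which the commenter's concern about exposing the raw account number would also call for.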


Replies

mkj, today at 11:20 AM

That seems worth suggesting to the acme working group mailing list, if it hasn't already been discussed there.

unsnap_biceps, today at 6:42 PM

Accounts are many to one email address. Each of my servers has an individual account attached to the same email address.

mcpherrinm, today at 6:17 PM

I don't expect we'll ever remove the other validation methods, and certainly have no plans to do so.

There are pros and cons of various approaches.