New Let's Encrypt validation method

rol...@letsencrypt.org

Jun 15, 2018, 2:47:22 PM
to mozilla-dev-s...@lists.mozilla.org
Let’s Encrypt has deployed an implementation[0] of the draft-ietf-acme-tls-alpn-01[1] validation method on our staging environment[2]. This is a CAB/F BR 3.2.2.4.10 method which uses ALPN and a specially constructed certificate to validate domain control. We believe that this method resolves the major issues that were discovered with the TLS-SNI based methods while still allowing validation purely at the TLS layer.

If anyone has a chance to test it out and runs into implementation/specification issues we’d love to hear about them!

[0] https://github.com/letsencrypt/boulder/blob/2dadd5e09a8228342aa86e8fa4c8d887a82aa4ac/va/va.go#L701-L768
[1] https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-01
[2] https://acme-staging.api.letsencrypt.org/
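The check a validator makes for this method, sketched in Go as an added example that is not part of the original post and is not Boulder's code. It assumes the ALPN name `acme-tls/1` and the `id-pe-acmeIdentifier` OID as published in RFC 8737 (the draft linked above may use a different OID); `acmeExt`, `validate` and `sample` are hypothetical names, and the sample connection state is constructed rather than captured from a real handshake.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
)

// Assumption: id-pe-acmeIdentifier as assigned by RFC 8737; the drafts used another arc.
var acmeOID = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 31}

// acmeExt builds the extension a responder must serve: critical, with the value
// a DER OCTET STRING holding SHA-256(key authorization).
func acmeExt(keyAuth string) pkix.Extension {
	sum := sha256.Sum256([]byte(keyAuth))
	der, _ := asn1.Marshal(sum[:]) // marshalling a byte slice cannot fail
	return pkix.Extension{Id: acmeOID, Critical: true, Value: der}
}

// validate is the CA-side check on the completed TLS handshake to the domain.
func validate(cs tls.ConnectionState, domain, keyAuth string) error {
	if cs.NegotiatedProtocol != "acme-tls/1" || len(cs.PeerCertificates) == 0 {
		return fmt.Errorf("need ALPN acme-tls/1 and a leaf certificate")
	}
	leaf := cs.PeerCertificates[0]
	if len(leaf.DNSNames) != 1 || leaf.DNSNames[0] != domain {
		return fmt.Errorf("SAN must be exactly %q", domain)
	}
	for _, e := range leaf.Extensions {
		if e.Id.Equal(acmeOID) && e.Critical && bytes.Equal(e.Value, acmeExt(keyAuth).Value) {
			return nil
		}
	}
	return fmt.Errorf("no critical acmeIdentifier matching the key authorization")
}

// sample returns a constructed connection state (no network, unsigned leaf).
func sample(alpn, san string, ext pkix.Extension) tls.ConnectionState {
	leaf := &x509.Certificate{DNSNames: []string{san}, Extensions: []pkix.Extension{ext}}
	return tls.ConnectionState{NegotiatedProtocol: alpn, PeerCertificates: []*x509.Certificate{leaf}}
}

func main() {
	fmt.Println(validate(sample("acme-tls/1", "example.test", acmeExt("tok.thumb")), "example.test", "tok.thumb"))
}
```

In a real validator the `tls.ConnectionState` would come from a handshake that offered only `acme-tls/1` in ALPN and skipped chain verification, since the challenge certificate is self-signed.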