This repository has been archived by the owner on Apr 24, 2020. It is now read-only.

Remove TLS-SNI-02 challenge type and associated refs. #390

Merged
merged 4 commits into from Jan 23, 2018

Commits on Jan 12, 2018

  1. Remove TLS-SNI-02 challenge type and associated refs.

    Recent developments[0][1] have identified real-world server/hosting
    configurations that violate the assumptions of TLS-SNI-01 and its
    currently specified replacement, TLS-SNI-02. In light of these issues
    and the feasibility of addressing them across the entire Internet it
    seems prudent that the ACME specification remove the vulnerable
    challenge type pending the development of a better alternative
    (TLS-SNI-03?). This will allow the draft last-call to proceed while
    the details of TLS-SNI-03 are worked out.
    
    The "Default Virtual Hosts" sub-section of the "Operational
    Considerations" section is removed since it spoke exclusively to
    a concern with TLS-SNI-02 validation. When the dust has settled on
    TLS-SNI-03 we should certainly include a section that describes why
    TLS-SNI-01/02 were removed that could replace this information.
    
    [0]: https://community.letsencrypt.org/t/2018-01-09-issue-with-tls-sni-01-and-shared-hosting-infrastructure/49996
    [1]: https://community.letsencrypt.org/t/2018-01-11-update-regarding-acme-tls-sni-and-shared-hosting-infrastructure/50188
    Daniel committed Jan 12, 2018
    5ef946b
  2. Restore urn:ietf:params:acme:error:tls

    Ilari Liusvaara rightly points out that an HTTP-01 validation that is
    redirected to port 443 may encounter an error that justifies the TLS
    error type.
    Daniel committed Jan 12, 2018
    3441d44

Commits on Jan 22, 2018

  1. Merge remote-tracking branch 'ietf/master' into cpu-tls-sni-02-we-hardly-knew-ye
    Daniel committed Jan 22, 2018
    1b93b10
  2. 0bb71a0