You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In the Security Considerations, it says that it is expected that the registrar wil use RFC 3007 updates to put records into the DNS. In my admittedly limited ACME experience, it's more common to use a local API to talk to whatever is managing the DNS. (I rolled my own API for my own DNS toaster and acme.sh, because I could.) Is it really limited to RFC 3007 updates? If not, you might want to reword it more generally to say it's going to use something to update the DNS, and if the credentials leak, that would be bad.
I agree with the advice to limit the name scope of updates, and if possible the RRTYPEs. My API only lets the ACME client update CAA and TXT records since that's all ACME needs.
The text was updated successfully, but these errors were encountered:
In the Security Considerations, it says that it is expected that the registrar wil use RFC 3007 updates to put records into the DNS. In my admittedly limited ACME experience, it's more common to use a local API to talk to whatever is managing the DNS. (I rolled my own API for my own DNS toaster and acme.sh, because I could.) Is it really limited to RFC 3007 updates? If not, you might want to reword it more generally to say it's going to use something to update the DNS, and if the credentials leak, that would be bad.
I agree with the advice to limit the name scope of updates, and if possible the RRTYPEs. My API only lets the ACME client update CAA and TXT records since that's all ACME needs.
The text was updated successfully, but these errors were encountered: