Specify that the server uses the KID from JWS #37

Merged: 2 commits, Feb 16, 2024
4 changes: 2 additions & 2 deletions draft-ietf-acme-scoped-dns-challenges.mkd
Expand Up @@ -226,12 +226,12 @@ A client can fulfill this challenge by performing the following steps:
}
~~~

On receiving a response, the server constructs and stores the key authorization from the challenge `token` value and the current client account key.
On receiving this response, the server validates the message and constructs and stores the key authorization from the challenge `token` value and the current client account key.

To validate the `dns-account-01` challenge, the server performs the following steps:

- Compute the SHA-256 digest {{FIPS180-4}} of the stored key authorization
- Compute the validation domain name with the account URL of the ACME account requesting validation and the associated authorization, similar to the client logic
- Compute the validation domain name with the KID value in the JWS message
- Query for `TXT` records for the validation domain name
- Verify that the contents of one of the `TXT` records match the digest value
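
Review bot: The new step "Compute the validation domain name with the KID value in the JWS message" does not say which JWS message is meant, and it depends on "validates the message" in the sentence above without stating what that validation covers. Since the KID now selects the DNS name that gets queried, the text should say that it is taken from the challenge response only after the JWS signature has been verified against the account key, and that the account it identifies is the one holding the authorization. The paragraph also says only the key authorization is stored, while this later step needs the KID, so consider wording such as "constructs and stores the key authorization and the KID". Dropping "similar to the client logic" removes the only pointer to how the name is derived from that value, so a reference to the client-side computation would help here.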
