Automated Certificate Management Environment (ACME) Challenge for Persistent DNS TXT Record Validation
draft-sheurich-acme-dns-persist-01

Document type: Replaced Internet-Draft (candidate for acme WG)
Status: Expired & archived
Authors: Shiloh Heurich, Henry Birge-Lee, Michael Slaughter
Last updated: 2025-09-26 (latest revision 2025-09-04)
Replaced by: draft-ietf-acme-dns-persist
RFC stream: Internet Engineering Task Force (IETF)
Intended RFC status: (None)
Additional resources: sheurich/draft-sheurich-acme-dns-persist
Mailing list discussion
WG state: Call For Adoption By WG Issued
Document shepherd: (None)
IESG state: Replaced by draft-ietf-acme-dns-persist
Consensus boilerplate: Unknown
Telechat date: (None)
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active.

Abstract

This document specifies "dns-persist-01", a new validation method for the Automated Certificate Management Environment (ACME) protocol. This method allows a Certification Authority (CA) to verify control over a domain by confirming the presence of a persistent DNS TXT record containing CA and account identification information. This method is particularly suited for environments where traditional challenge methods are impractical, such as IoT deployments, multi-tenant platforms, and scenarios requiring batch certificate operations. The validation method is designed with a strong focus on security and robustness, incorporating widely adopted industry best practices for persistent domain control validation. This design aims to make it suitable for Certification Authorities operating under various policy environments, including those that align with the CA/Browser Forum Baseline Requirements.

Authors

Shiloh Heurich
Henry Birge-Lee
Michael Slaughter

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)