| ▲ | 9dev 3 hours ago | |
It’s still a valid point IMHO - why not just use the public key directly? It seems like the account URI just adds problems instead of resolving any. | ||
| ▲ | mcpherrinm an hour ago | parent [-] | |
It has these primary advantages: 1. It matches what the CAA accounturi field has 2. Its consistent across an account, making it easier to set up new domains without needing to make any API calls 3. It doesn’t pin a users key, so they can rotate it without needing to update DNS records - which this method assumes is nontrivial, otherwise you’d use the classic DNS validation method | ||