I agree. I was hoping for a few positive examples, but didn't see any. The only one I know of is the OIDC discovery endpoint.

▲

asdfasdfadsfs 8 hours ago | parent | next [-]

I would say acme-challenge is one of the most used ones. How else would one get SSL certificates today

▲

echoangle 8 hours ago | parent [-]

DNS TXT challenge for example. Also better because you can get wildcard certs.

▲

ameliaquining 3 minutes ago | parent | next [-]

The great virtue of the in-band challenge types is that web servers can just handle them out of the box, without any need for a separate setup step that depends on your stack. I think this has done a heck of a lot to increase adoption of HTTPS.

▲

sureglymop 5 hours ago | parent | prev [-]

Also, DNS-PERSIST-01 seems to be coming soon for Let's Encrypt, which should allow even people that can't easily dynamically update their DNS records to get wildcard certs. I assume this might become more widely used than HTTP-01 challenges.

	▲	inigyou 2 hours ago \| parent [-]
		I wish someone would write a blog post about the difference between DNS registrars and DNS hosts, because I've seen people assume they need to use a registrar that has an API in order to change their DNS records programmatically. I used to assume that too.

▲

pstoev 7 hours ago | parent | prev [-]

Another one that is emerging is the A2A agent card https://a2a-protocol.org/latest/topics/agent-discovery/#1-we...