by elliottinvent 1135 days ago
DNS-01 is a standardisation of the same methods service providers have been using for well over a decade. OK, they've started using subdomains instead of the apex [1], but really it's more of the same.

This protocol offers additional functionality and less friction.

1. dig target.com TXT

1 comment
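To make the comparison in the post concrete, here is an added example (not code from the post, its author, or any of the protocols mentioned) showing the two TXT-record checks side by side: the older provider-specific `prefix=token` record at the apex, and the ACME DNS-01 record at `_acme-challenge.<domain>` whose value is base64url(SHA-256(token "." account-key-thumbprint)) per RFC 8555 section 8.4. The zone contents, token, thumbprint and the `google-site-verification`-style prefix are constructed sample data so the block runs offline; a real verifier would fetch the records with `dig <name> TXT` (ideally against the zone's authoritative servers, not a cache).

```python
import base64
import hashlib


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, the encoding ACME uses throughout."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def dns01_txt_value(token: str, account_thumbprint: str) -> str:
    """Expected TXT value for an ACME DNS-01 challenge (RFC 8555 s8.4):
    base64url(SHA-256(key authorization)), where the key authorization is
    token "." JWK thumbprint of the account key."""
    key_authorization = f"{token}.{account_thumbprint}".encode("ascii")
    return b64url(hashlib.sha256(key_authorization).digest())


def _normalise(name: str) -> str:
    """DNS names are case-insensitive; a trailing dot marks the root."""
    return name.lower().rstrip(".")


def has_txt(records: dict, name: str, expected: str) -> bool:
    """True if the TXT RRset for `name` contains exactly `expected`.
    `records` maps owner name -> list of TXT strings (what dig would show)."""
    return expected in records.get(_normalise(name), [])


def verify_dns01(records: dict, domain: str, token: str, thumbprint: str) -> bool:
    """DNS-01 style: service-specific subdomain, hashed value, one record per
    challenge. Every service provider using this pattern needs its own record."""
    return has_txt(records, f"_acme-challenge.{domain}", dns01_txt_value(token, thumbprint))


def verify_provider_token(records: dict, domain: str, prefix: str, token: str) -> bool:
    """Older apex style: provider-specific `prefix=token` TXT at the apex,
    sitting alongside SPF and everything else the domain already publishes."""
    return has_txt(records, domain, f"{prefix}={token}")


# Constructed sample inputs (hypothetical values, not from any real CA or provider).
TOKEN = "tokenFromTheCA-constructed-example-value"
THUMBPRINT = "accountKeyThumbprint-constructed-example"
PROVIDER_PREFIX = "example-site-verification"
PROVIDER_TOKEN = "constructed-provider-token-123"


def build_sample_records(domain: str = "example.com") -> dict:
    """A constructed zone snapshot containing both kinds of verification record."""
    return {
        domain: [
            "v=spf1 -all",
            f"{PROVIDER_PREFIX}={PROVIDER_TOKEN}",
        ],
        f"_acme-challenge.{domain}": [
            dns01_txt_value(TOKEN, THUMBPRINT),
        ],
    }


if __name__ == "__main__":
    zone = build_sample_records()
    print("DNS-01 record value:", dns01_txt_value(TOKEN, THUMBPRINT))
    print("DNS-01 verified:", verify_dns01(zone, "example.com", TOKEN, THUMBPRINT))
    print("apex token verified:", verify_provider_token(zone, "example.com",
                                                       PROVIDER_PREFIX, PROVIDER_TOKEN))
```

Note that `verify_dns01` demands an exact string match on a hash: a stale record from a previous issuance fails, which is the behaviour you want, since the point of the hash is that the record proves control by whoever holds both the CA's token and the ACME account key.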

> This protocol offers additional functionality and less friction.

Most users will be using letsencrypt anyway, so at a minimum this adds friction by forcing (most) users to implement two protocols?

Do you mean LE or DNS-01?

DNS-01 is unique per service provider.

I don't think domain registrants care about protocols, they care about how many things they've got to do with their DNS.

With DNS-01 and older methods it was based on, there's friction for each service provider. With the Domain Verification protocol there's friction first time only.

Sorry if I've misunderstood something here. If so, please forgive me and elaborate to help me understand.

As a user of LE, you need to implement http or DNS (or tls) challenge - typically via a tool that takes a pointer to your provider (letsencrypt).

I claim that it would be less friction to simply use the same tool for verifying domain control (supply Facebook as the provider).

Edit: although thinking about it, existing tools for interfacing with LE probably do too much (create certificate requests), so it might not make that much sense to reuse the tools/clients as is.