On Wed, Mar 25, 2015 at 2:42 PM, John Mattsson <[email protected]> wrote: > > > On 25 Mar 2015, at 13:24, Jonathan Rudenberg <[email protected]> wrote: > > > On Mar 25, 2015, at 9:35 AM, John Mattsson <[email protected]> > wrote: > > Hi, > > Some high level comments on draft-barnes-acme (the GitHub version) > > > - Security: > The security of this seems to need some serious rethinking. The “Domain > Validation with Server Name Indication” challenge seems totally nonsecure, > allowing ANY on-path attacker to get certificates issued. I think this > challenge is unacceptable for certificate issuance and I think it should be > removed. Just because I let Amazon, Microsoft, Google or any other cloud > provider run my web server does not mean I give them the right to request > certificates for my domain. > > > Thanks for pointing this out.
This seems like a big deal, no? That is, since SNI is one of the few things not protected in the TLS handshake, it does seem spoofable. If there's not something I'm missing, it seems like the proposal should just drop DVSNI altogether. -- Joseph Lorenzo Hall Chief Technologist Center for Democracy & Technology 1634 I ST NW STE 1100 Washington DC 20006-4011 (p) 202-407-8825 (f) 202-637-0968 [email protected] PGP: https://josephhall.org/gpg-key fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871 _______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
