On Thu, Mar 26, 2015 at 10:40 AM, Martin Thomson <[email protected]> wrote: > On 25 March 2015 at 17:21, Jacob Hoffman-Andrews <[email protected]> wrote: >>> This seems like a big deal, no? That is, since SNI is one of the few >> things not protected in the TLS handshake, it does seem spoofable. If >> there's not something I'm missing, it seems like the proposal should >> just drop DVSNI altogether. >> >> An attacker who fully controls the network is explicitly not part of the >> threat model for any Domain Validation. None of the available techniques >> for DV, whether they involve fetching a file, sending an email, or doing >> a TLS handshake can fully mitigate a network attacker. > > It has been suggested that some measure of network control can be > mitigated by originating the validation requests from multiple network > locations. That would be down to CA policy though.
It is called 'running a CA'. That type of conversation is best left to CABForum and discussions with your friendly neighborhood auditors. _______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
