On 03/05/2018 04:37 PM, Tim Hollebeek wrote: > I think we may come to regret using that trick so much. Such schemes > are only one software bug away from having rather profound effects > on trust decisions and the entire ecosystem. This is a good point, but an important mitigating factor is that these are self-signed certificates, as compared to CT's precertificates, which are signed by a trusted issuer but poisoned. And they are only presented when the acme/1 ALPN is negotiated. So you'd need three software bugs, each of which would be a game-over bug on its own:
- ignoring a critical extension - trusting a self-signed certificate - sending acme/1 ALPN for non-validation traffic _______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
