On 07/14/2018 04:38 PM, Tobias Fiebig wrote:
> Back when we submitted Cloud Strife [0] to NDSS, we reached out to the list on
> pushing our mitigations toward a recommendation/best practices RFC. Given that
> with the Birge-Lee paper, there is now a second attack vector, we (Kevin
> Borgolte and I, but we are open to more collaborators and already talked with
> Prateek Mittal from the BGP MitM paper [1]) would like to author an RFC on
> mitigating IP-use-after-free/IP-misuse attacks. This RFC would summarize the
> operational recommendations as well as how various other measures can (and
> cannot, CAA for example has to be configured correctly to be helpful) mitigate
> these attacks.

The main question here is opt-in vs not. Practical deployment experience
with ACME has shown that people frequently lose all their private keys.
For instance, they might need to rebuild a server, and forget to store a
copy. If a mechanism like you propose were to be enabled by default for
all hostnames, it would effectively lock out a large number of
subscribers from being able to get a certificate at all.

Making this opt-in is more plausible. You could do this with
CAA. However, it might make more sense to just apply a CAA accounturi
parameter in that case.
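
The opt-in mentioned in the reply above, as an added example (not part of the original message or of any CA's code): a simplified model of a CA evaluating CAA issue properties that carry an accounturi parameter. The CA domain, the account URIs and the function names are constructed placeholders.

```python
# Added example: simplified model of CAA "issue" evaluation with accounturi.
# Every domain and account URI here is a constructed placeholder.

OWNER = "https://acme.ca.example/acct/1001"   # account named in DNS
OTHER = "https://acme.ca.example/acct/2002"   # any other account at the CA

PINNED = ["ca.example; accounturi=" + OWNER]  # zone that opted in
UNPINNED = ["ca.example"]                     # CAA present, no account binding


def parse_issue(value):
    """Split 'ca.example; accounturi=https://...' into (issuer, params).

    Assumes parameter values contain no ';' (true for the samples above).
    """
    issuer, *rest = [part.strip() for part in value.split(";")]
    params = {}
    for item in rest:
        if not item:
            continue
        tag, _, val = item.partition("=")
        params[tag.strip().lower()] = val.strip()
    return issuer.lower(), params


def may_issue(issue_values, ca_domain, account_uri):
    """Return True if this CA may issue for the requesting ACME account."""
    if not issue_values:
        return True  # no issue properties: CAA places no restriction
    for value in issue_values:
        issuer, params = parse_issue(value)
        if issuer != ca_domain.lower():
            continue  # property names another CA, or is the empty ";" issuer
        wanted = params.get("accounturi")
        # Without accounturi, any account at the named CA is accepted.
        if wanted is None or wanted == account_uri:
            return True
    return False


if __name__ == "__main__":
    for label, rrset in (("pinned", PINNED), ("unpinned", UNPINNED)):
        for who, uri in (("owner", OWNER), ("other", OTHER)):
            print(label, who, may_issue(rrset, "ca.example", uri))
```

A subscriber who loses the account key and registers a new account falls into the "other" case for a pinned zone until the DNS record is updated, which is why the binding only affects hostnames that opted in.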