Hi ACME experts, We submitted and presented a new ACME paper at the IETF 121st meeting -- https://datatracker.ietf.org/doc/draft-geng-acme-public-key/.
This draft is about an ACME Extension for Public Key Challenges: basically, we think the current identity validation mechanism of ACME (checking the ACME applicant's control over the requested identity) needs to consider some necessary extension in some specific use cases (the ACME proxy or the ACME applicant itself is taken over by an adversary and performs a public key replacement attack, resulting in the replacement of the public key in the final CSR message and gaining control of the real applicant's identity). So, we propose a new ACME challenge type -- ACME public key challenge (pk-01; 3 types of identifier can be applied with it: pk, selfsign-cert and csr), together with IDP and known public key authentication protocols (i.e., WebAuthn, Opaque/AKE, non-interactive zero-knowledge (NIZK) discrete logarithm equality (DLEQ) proof, ...). Through this extension, the public key authenticity, consistency and mapping to the identity are all well checked and protected. Hopefully, you have noticed this draft. If not, we are looking forward to your review of this draft, and warmly welcome your comments on it. Thanks a lot! B.R. Frank
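The consistency check the post describes, as an added illustration and not code from the draft or its authors: a CA that has bound a public key to an identity through a pk-01 challenge compares that key against the key in the finalize CSR, so a CSR whose key was replaced by a compromised proxy is rejected. `ValidatedPK`, the helper names and the `example.com` inputs are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"errors"
)

// ValidatedPK is an assumed record of what pk-01 established: the DER SubjectPublicKeyInfo the CA authenticated and the identity it maps to.
type ValidatedPK struct {
	Identity string
	SPKI     []byte
}

// NewP256Key and NewCSR build constructed inputs: a fresh applicant key and a
// CSR naming identity as a SAN, self-signed with that key.
func NewP256Key() *ecdsa.PrivateKey { k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader); return k }
func NewCSR(key *ecdsa.PrivateKey, identity string) ([]byte, error) {
	tmpl := &x509.CertificateRequest{DNSNames: []string{identity}}
	return x509.CreateCertificateRequest(rand.Reader, tmpl, key)
}

// SPKIOf returns the DER SubjectPublicKeyInfo the CA would record after pk-01.
func SPKIOf(key *ecdsa.PrivateKey) []byte { der, _ := x509.MarshalPKIXPublicKey(&key.PublicKey); return der }
// CheckFinalizeCSR is the CA-side check at finalize: valid self-signature (proof
// of possession), public key equal to the one pk-01 bound to the identity, and
// the CSR requesting that identity. A key swapped by a proxy fails the second.
func CheckFinalizeCSR(csrDER []byte, known ValidatedPK) error {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return err
	}
	if err := csr.CheckSignature(); err != nil {
		return errors.New("proof of possession failed: " + err.Error())
	}
	spki, _ := x509.MarshalPKIXPublicKey(csr.PublicKey)
	if !bytes.Equal(spki, known.SPKI) {
		return errors.New("CSR public key differs from validated pk identifier")
	}
	for _, n := range csr.DNSNames {
		if n == known.Identity {
			return nil
		}
	}
	return errors.New("CSR does not request the identity bound to the key")
}
```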
_______________________________________________ Acme mailing list -- acme@ietf.org To unsubscribe send an email to acme-le...@ietf.org