I'm fairly certain the interactive nature of the ACME protocol is a designed 
security feature, not a flaw

from the ground up it's entirely directed at automated use, thus the short TTL on certs
(and the ephemeral nature of authenticator tokens)

if pre-setup of authentication credentials was possible it introduces a 
potential flaw:
example:
a malicious hacker gets his bag of tools to insert his authenticator onto all 
compromised sites, into any zones on compromised cPanels in ISPs etc,
then at leisure obtains valid certs to run MITM attacks from any locations 
possible to any of those sites.
it never gets found out about as the credentials don't expire and few actively 
look at their DNS or would notice a suspect record, let alone walk the directory tree 
on their website

I have to copy the authenticators to multiple webroots on multiple servers (as 
we CDN all sites across multiple servers/locations) and thus can't guess which 
one will see the authenticator's GET request

but as the tools are open source and easily altered/modified we cp the token to 
the webroot and scp to all the other servers in the script with no real issues 
(we use the https://github.com/lukas2511/letsencrypt.sh tool)

anyone running manual mode should look at a 3rd party option in a language they 
are happy with and make the mods they need to make it compatible with their 
setup

At 10:05 21/03/2016  Monday, Philipp Junghannß wrote:
>that should pretty much be what it will be about.
>
>2016-03-21 11:03 GMT+01:00 Thomas Lußnig <luss...@suche.org>:
>Currently
>
>1) Client->Server Request(domain.xy) => Response(nonce to be signed)
>--> Server fetch CAA record
>2) Client->Server Request(Please check via dns/http)
>--> Server check resource
>3*) Client->Server Is the Check complete(Please check via dns/http)
>
>
>My Idea
>
>1) Client->Server Request(domain.xy) => Response(nonce to be signed)
>--> Server fetch CAA record + DNS(acme.pubkey.domain.xy) to get the PIN of 
>account key
>2) Client->Server Request(Signed nonce with private key, Public Key) => 
>Response(Success/Failed)
>
>
>
>
>On 21.03.2016 at 10:34, Philipp Junghannß wrote:
>to sign an extra random value because it should probably have signed one when 
>trying to request the cert so they can just check for the
>
>
>
>_______________________________________________
>Acme mailing list
>Acme@ietf.org
>https://www.ietf.org/mailman/listinfo/acme
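The "cp the token to the webroot and scp to all the other servers" step from the message above, as an added example that is not part of the original message or of letsencrypt.sh. It assumes the tool calls the hook as `deploy_challenge|clean_challenge DOMAIN TOKEN_FILENAME TOKEN_VALUE`; the host names and the `push_file`/`purge_file` helpers are hypothetical.

```shell
#!/bin/sh
# Added example: push an http-01 token to every CDN webroot, then remove it
# again so no authenticator outlives the validation.

# Space-separated "host:/challenge-dir" targets (constructed placeholder hosts).
WEBROOTS="${WEBROOTS:-web1.example.net:/var/www/.well-known/acme-challenge web2.example.net:/var/www/.well-known/acme-challenge}"

# ACME tokens are base64url; reject anything else so a file name can never
# contain "/" or ".." and land outside the challenge directory.
valid_token_name() {
    case "$1" in
        ""|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Transport helpers (hypothetical names), kept separate so they can be swapped.
push_file()  { scp -q "$1" "$2"; }
purge_file() { ssh "${1%%:*}" rm -f -- "${1#*:}"; }

deploy_challenge() {
    name=$2 value=$3
    valid_token_name "$name" || return 1
    tmp=$(mktemp) || return 1
    printf '%s' "$value" > "$tmp"
    chmod 644 "$tmp"            # the web server must be able to read the copy
    rc=0
    for target in $WEBROOTS; do
        push_file "$tmp" "$target/$name" || rc=1
    done
    rm -f "$tmp"
    return $rc                  # non-zero if any server did not get the token
}

clean_challenge() {
    name=$2
    valid_token_name "$name" || return 1
    rc=0
    for target in $WEBROOTS; do
        purge_file "$target/$name" || rc=1
    done
    return $rc
}

# Dispatch on the handler name passed by the ACME client; ignore other hooks.
case "${1:-}" in
    deploy_challenge|clean_challenge) "$@" ;;
esac
```

A non-zero return from `clean_challenge` means a token file was left behind on at least one server and should be followed up.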
