Well, I think it's a bad idea. As I commented in the issue directly, TLS-SNI-01 fell straight on the face because of the way servers may handle hosts without a setting.

2016-12-03 13:35 GMT+01:00 Patrick Figel <patrick@figel.email>:

> I wrote together some thoughts on this proposal here[1]. In short, I think it's
> vulnerable to the default vhost attack that caused simpleHTTP to be dropped, and
> it's not compatible with the "Agreed-Upon Change to Website" method described
> in the BRs, which would prevent adoption by any publicly-trusted CA.
>
> The proposed workaround for this issue[2] would make this a variant of tls-sni,
> AIUI, which already has these pseudo-hostnames, so I think we're down to "allow
> other ports" here, and I believe there's consensus against this.
>
> Patrick
>
> [1]: https://mailarchive.ietf.org/arch/msg/acme/QiXu84RJtURfGVVEYfSpRdtcU5o
> [2]: https://mailarchive.ietf.org/arch/msg/acme/NFKJ5sqBePGlJglKRwodc5m4ZEo
>
> On Sat, Dec 3, 2016 at 3:18 AM, Salz, Rich <rs...@akamai.com> wrote:
> > With the couple of recent pull requests, the document editors are about to
> > close all but one issue, #215.
> >
> > Does the WG have any feelings on this? Is it something we need to address
> > NOW, or can we add a new type of challenge later on if there’s interest?
> >
> > Please reply on-list by early next week.
> >
> > --
> > Senior Architect, Akamai Technologies
> > Member, OpenSSL Dev Team
> > IM: richs...@jabber.at Twitter: RichSalz
> >
> > _______________________________________________
> > Acme mailing list
> > Acme@ietf.org
> > https://www.ietf.org/mailman/listinfo/acme