On Tue, May 30, 2017 at 06:59:21PM +0300, Yaron Sheffer wrote:

> I understand the use case of "finding a key lying around" (although I've
> never personally found a key lying around), but if you think of an
> enterprise with a small group of people managing security but a much larger
> group of people with access to server certs, this provides any server admin
> with a trivial way to DoS the organization by revoking www.bigcorp.com, so
> trivial that people can do it by mistake.

Well, if the server admin is malicious and has access to keys, he can do
worse things than revoke certificates.

This mechanism is also limited to the single keypair, unlike, say, the
revoke-with-domain-authorization, which can revoke certificates with arbitrary
domain and account keys.

Also, if malicious actors get hold of a private key, that is the very definition
of private key compromise (and revocation is REQUIRED in that case; the ToS
of every public CA says so, since it is a BR requirement).

And I think serious admins know when to request revocation, unlike lots of
persons on community.letsencrypt.org or similar places.


-Ilari

_______________________________________________
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme
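As an added illustration of the two revocation paths Ilari contrasts above (this is example code written for this page, not code from the thread or from any ACME implementation), the Go program below models how a CA decides whether to honour a revokeCert request. A request signed with the certificate's own private key, carried in a jwk header, can reach only certificates for that one keypair; a request signed with an account key, identified by kid, can reach any certificate whose names the account holds valid authorizations for, whatever key or account the certificate was issued to. The Cert and RevokeRequest types are simplified stand-ins for a parsed X.509 certificate and an ACME JWS, the digest that gets signed stands in for the JWS signing input, the account id "acct-1" and the host names are made up, and the rule in what became RFC 8555 section 7.6 that the issuing account may also revoke is left out so the authorization check stays in view.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Cert stands in for a parsed certificate (constructed here, not real DER): only what the check consults.
type Cert struct {
	Pub   *ecdsa.PublicKey
	Names []string // dNSName SANs
}

// Account is an ACME account key plus the identifiers it holds valid authorizations for.
type Account struct {
	Key   *ecdsa.PublicKey
	Authz map[string]bool
}

// RevokeRequest models the JWS POSTed to revokeCert; exactly one of Kid (account key) or Jwk (certificate key) is set.
type RevokeRequest struct {
	Kid  string
	Jwk  *ecdsa.PublicKey
	Cert Cert
	Sig  []byte // ASN.1 ECDSA over certDigest (a real ES256 JWS signs raw r||s)
}

// certDigest is the value that gets signed, standing in for the JWS signing input.
func certDigest(c Cert) []byte {
	h := sha256.New()
	fmt.Fprintf(h, "%x:%x:%q", c.Pub.X, c.Pub.Y, c.Names)
	return h.Sum(nil)
}

// SignRevocation builds the client's request; an empty kid means "sign with the certificate's own key and embed it as jwk".
func SignRevocation(priv *ecdsa.PrivateKey, kid string, c Cert) RevokeRequest {
	sig, err := ecdsa.SignASN1(rand.Reader, priv, certDigest(c))
	if err != nil {
		panic(err) // only on entropy failure; a real client would return it
	}
	req := RevokeRequest{Kid: kid, Cert: c, Sig: sig}
	if kid == "" {
		req.Jwk = &priv.PublicKey
	}
	return req
}

// AuthorizeRevocation is the CA-side decision for the two authentication paths.
func AuthorizeRevocation(req RevokeRequest, accounts map[string]*Account) error {
	switch {
	case req.Jwk != nil && req.Kid == "":
		// Certificate-key path: the jwk must be the certificate's own key, so a leaked
		// certificate key reaches only certificates issued for that one keypair.
		if !req.Jwk.Equal(req.Cert.Pub) || !ecdsa.VerifyASN1(req.Jwk, certDigest(req.Cert), req.Sig) {
			return errors.New("jwk is not the certificate's key, or signature invalid under it")
		}
		return nil
	case req.Kid != "" && req.Jwk == nil:
		// Account-key path: an account holding authorizations for every name may
		// revoke the certificate, whatever key or account it was issued to.
		acct, ok := accounts[req.Kid]
		if !ok || !ecdsa.VerifyASN1(acct.Key, certDigest(req.Cert), req.Sig) {
			return errors.New("unknown account or signature invalid under account key")
		}
		for _, n := range req.Cert.Names {
			if !acct.Authz[n] {
				return fmt.Errorf("account %s holds no authorization for %s", req.Kid, n)
			}
		}
		return nil
	}
	return errors.New("exactly one of jwk or kid must be present")
}

// newKey generates a fresh P-256 key; the panic keeps the example short.
func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// RunScenarios exercises both paths; true means the CA accepted the revocation.
func RunScenarios() map[string]bool {
	certKeyA, certKeyB, acctKey := newKey(), newKey(), newKey()
	certA := Cert{Pub: &certKeyA.PublicKey, Names: []string{"www.bigcorp.com"}}
	certB := Cert{Pub: &certKeyB.PublicKey, Names: []string{"mail.bigcorp.com"}}
	accounts := map[string]*Account{"acct-1": {Key: &acctKey.PublicKey, Authz: map[string]bool{"www.bigcorp.com": true}}}
	return map[string]bool{
		"cert key revokes its own cert":                AuthorizeRevocation(SignRevocation(certKeyA, "", certA), accounts) == nil,
		"cert key A refused for cert B":                AuthorizeRevocation(SignRevocation(certKeyA, "", certB), accounts) == nil,
		"account with authz revokes cert of other key": AuthorizeRevocation(SignRevocation(acctKey, "acct-1", certA), accounts) == nil,
		"account lacking authz for a name refused":     AuthorizeRevocation(SignRevocation(acctKey, "acct-1", certB), accounts) == nil,
	}
}

func main() { fmt.Println(RunScenarios()) }
```

Running it prints the four scenario names with true for the two accepted revocations. The point of the second scenario is the one Ilari makes: a certificate key that has leaked or been misused can at most revoke certificates carrying that same public key, because the CA checks that the embedded jwk equals the certificate's key before it even looks at the signature, whereas an account key that holds authorizations for every name in a certificate revokes it regardless of which keypair or account it was issued to.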
