On 10/22/2018 7:14 PM, Salz, Rich wrote:
* Are you worried about a MitM causing the real CA to issue a
certificate to the MitM? That risk is already addressed in ACME,
but using *client* authentication, not server authentication --
what matters is the client from which the server accepts domain
proof and a CSR, not what server the client thinks it's talking to.
* I am concerned about MitM issuing the certificate to the client.
I am confused. You are worried about an attacker “intercepting” the
ACME connection and issuing a certificate to the client?
It is not necessary to add more “protection” at the TLS layer to
protect against this. The client can verify the signed certificate,
and CA chain, that comes back. DANE is not widely used, and it seems
like a mistake to require it for ACME.
Hi Richard,
My suggestion with something similar to DANE and DKIM (in utilizing DNS
and DNSSEC), DNS TXT record is already been used by acme protocol to
pass a challenge, so why not use similar implementation to authenticate
the server itself for the client, so the client can verify the
certificate and the chain, without a third-party.
You are the expert editors and contributors here, it is your job will
decide to do this on ACME protocol layer or TLS layer, in both case it
should use DNS TXT record and stay away from waiting for DANE or
depending on external resources.
Best regards,
K. Obaideen
_______________________________________________
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme
