>Acme server is CA server and shouldn't need a root store to be validated or >trusted, that root store can be easily manipulated even by a software, even >without locally manipulation the MitM can issue a certificate to the client by >simply hijacking the connection and having certificate issued by trusted CA, >and the client will validate and trust that certificate.
how would this scenario be an attack??? if the mitm gives over a valid cert to the 'victim'-client what have they achieved? they have viewed otherwise public information that is useless to them, and 'victim' operations are uninterrupted (as obviously an acme client (as with all CA operations) never reveals the private key to a CA or any other parties, as only the public ones transit the wire) and gained 0 information/resources of use (and expended a lot of effort to mitm successfully, by somehow obtaining a trusted cert for the CA endpoint their impersonating) _______________________________________________ Acme mailing list Acme@ietf.org https://www.ietf.org/mailman/listinfo/acme
