Revoke it and make all clients of the client mark the victim untrusted at a moment that fits the attacker's scheme, or make clients of the victim request the CRL URL to disturb a network, or get a list of a client's endpoints, or cause trouble for a monitored network when the clients look like they are accessing some specific IP or site.

I don't know, there are many ways, but most likely someone will design an attack out of this and use it.


On 10/23/2018 12:01 PM, Alan Doherty wrote:
> > Acme server is CA server and shouldn't need a root store to be validated or
> > trusted, that root store can be easily manipulated even by software, even
> > without local manipulation the MitM can issue a certificate to the client by
> > simply hijacking the connection and having a certificate issued by a trusted CA,
> > and the client will validate and trust that certificate.
>
> how would this scenario be an attack???
>
> if the mitm gives over a valid cert to the 'victim'-client
> what have they achieved?
>
> they have viewed otherwise public information that is useless to them, and
> 'victim' operations are uninterrupted
> (as obviously an acme client (as with all CA operations) never reveals the
> private key to a CA or any other parties, as only the public ones transit the
> wire)
> and gained 0 information/resources of use (and expended a lot of effort to mitm
> successfully, by somehow obtaining a trusted cert for the CA endpoint they're
> impersonating)


_______________________________________________
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme


