On Tue, Oct 23, 2018 at 12:28:12PM +0200, Sebastian Nielsen wrote: > > The only danger I could see is if the attacker MITMs the account-creation > process, then they could also MITM the rest, replacing everything with their > own values, and thus fooling a ACME client into authorizing a domain for an > attacker.
I do not think this attack works. The incorrect key would cause the CA to compute different key authorization than the client (because they disagree about the key with client) and the validations would fail. And the attacker can not make CA use matching KA, as that would require access to client key which signs the requests preventing modification, and which attacker does not have, or breaking SHA-256. Now if you are talking about non-acme, then the CABForum approved validation methods do indeed allow validations that are vulernable to such MITM attacks. Now, while attacker that can MITM the client->server connection can not misissue, he can still try to send maliscous input to the client, which then triggers all sorts of trouble, from DoS atacks to possible RCE on the client. -Ilari _______________________________________________ Acme mailing list Acme@ietf.org https://www.ietf.org/mailman/listinfo/acme
