Having discussed HiCA with some friends it seems they're being very naughty indeed and abusing what appears to be an RCE in ACME.sh to get their validation done?!

https://github.com/acmesh-official/acme.sh/issues/4659

------------------------------
Any statements contained in this email are personal to the author and are not necessarily the statements of the company unless specifically stated. AS207960 Cyfyngedig, having a registered office at 13 Pen-y-lan Terrace, Caerdydd, Cymru, CF23 9EU, trading as Glauca Digital, is a company registered in Wales under № 12417574 <https://find-and-update.company-information.service.gov.uk/company/12417574>, LEI 875500FXNCJPAPF3PD10. ICO register №: ZA782876 <https://ico.org.uk/ESDWebPages/Entry/ZA782876>. UK VAT №: GB378323867. EU VAT №: EU372013983. Turkish VAT №: 0861333524. South Korean VAT №: 522-80-03080. Glauca Digital and the Glauca logo are registered trademarks in the UK, under № UK00003718474 and № UK00003718468, respectively.

On Fri, 9 Jun 2023 at 09:55, Q Misell <q...@as207960.net> wrote:

> Hi Amir,
>
> TIL about HiCA. They do seem like a weird bunch!
>
> I note they only allow ACME.sh as an ACME client and forbid every other
> client in their EULA
> (https://www1.hi.cn/en/docs/getting-started/acme.sh-installation). They
> also have some interesting ideas about patents surrounding ACME
> (https://www1.hi.cn/en/docs/tutorial-expert/challenge/challenge-types-dns-or-http).
> I can also find no mention in their docs of how they support ".onion"
> domains, and absolutely no reference to the CSR method. I will have to have
> a poke at their ACME server to see how they implement it, but I don't
> expect any revolutionary ideas.
>
> Thanks,
> Q
>
> On Thu, 8 Jun 2023 at 21:26, Amir Omidi <amir=40aaomidi....@dmarc.ietf.org>
> wrote:
>
>> Wrong URL, apologies:
>> https://www1.hi.cn/hica-vs-letsencrypt/
>>
>> On Thu, Jun 8, 2023 at 15:08 Amir Omidi
>> <aaomidi=40google....@dmarc.ietf.org> wrote:
>>
>>> I support the draft as it is for adoption. I’m also curious if
>>> https://www.hi.cn/hica-vs-letsencrypt/ is potentially using the draft
>>> as well for their onion support?
>>>
>>> On Sun, Jun 4, 2023 at 08:07 Stephen Farrell <stephen.farr...@cs.tcd.ie>
>>> wrote:
>>>
>>>> Hiya,
>>>>
>>>> On 04/06/2023 12:06, Deb Cooley wrote:
>>>> > This will be a two week call for adoption ending on 16 June. Please
>>>> > speak up either for or against adopting this draft.
>>>>
>>>> I had a read of the draft. I support adoption.
>>>>
>>>> I'm not sure I understand the security of the challenge
>>>> schemes sufficiently from reading the draft, but that's
>>>> something that can be addressed as the WG works on it.
>>>>
>>>> To be clear: I'm not asking that the draft fully set out
>>>> why these challenge types are (or are not, for dns-01)
>>>> secure, but I reckon it's important the WG satisfy itself
>>>> about that as the work proceeds, given that there have been
>>>> subtle issues with challenges in the past.
>>>>
>>>> There're also some terminology things to get right, e.g.
>>>> that .onion is not a TLD but a special-use domain name.
>>>> (SUDNs are controversial enough things that it'll be
>>>> worth trying to get that text to where it irritates
>>>> the smallest number of people possible, even if that'll
>>>> never be zero:-)
>>>>
>>>> Cheers,
>>>> S.
>>>>
>>>> >
>>>> > Thanks,
>>>> > Deb
>>>> >
>>>> > _______________________________________________
>>>> > Acme mailing list
>>>> > Acme@ietf.org
>>>> > https://www.ietf.org/mailman/listinfo/acme
>>>
>>> --
>>> Amir Omidi
>>> Software & Security Engineer
>>> aaom...@google.com
>>
>> --
>> Amir Omidi (he/them)