On Wednesday, January 10, 2018 at 3:34:51 PM UTC+1, Jakob Bohm wrote:
> Depending on exactly how the shared web server is misconfigured

I don't think the web server is misconfigured: serving a self-signed cert for 
any domain - even one that I don't own - is something that is absolutely valid 
and done for test purposes.

> Enforcement on shared hosting systems would be easier if the TLS-SNI-01
> ACME mechanism used names such as
>    1234556-24356476._acme.requested.domain.example.com
> since that would allow hosting providers to restrict certificate uploads
> that claim to be for other customers domains.  Maybe the name form used
> by TLS-SNI-02 could be the same as for the DNS-01 challenge.

I think that the assumptions TLS-SNI-01/2 make are not valid:
- it assumes that you control the IP address the domain resolves to, AND
- it assumes that the TLS certificate returned by the web server responding on 
that IP is your own.

Those two assumptions are not valid, as SNI is designed exactly for the use 
case of multiple domains on the same IP, and shared hosts are just providers 
for that use case.

IMHO, returning a self-signed cert from the IP address that domain resolves to 
should not be proof of ownership for that domain.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
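The two assumptions discussed in this message, modelled as an added example (this is not code from the thread, from the ACME drafts, or from any CA): a toy shared host serves one IP for several customers and lets each of them upload certificates keyed by SNI name; a toy validator does what TLS-SNI-01 does, resolving the domain, connecting to that IP with the challenge name as SNI, and accepting any certificate (self-signed included) whose SAN carries that name. The hostnames, the TEST-NET-3 address, the key authorization string and the "_acme.<domain>" name form with an ownership check on upload (modelled after the proposal quoted above) are all assumptions made for the example; no real TLS takes place.

```python
"""Toy model of the TLS-SNI-01 assumptions on a shared host (constructed example)."""
import hashlib


def tls_sni_01_name(key_authorization: str) -> str:
    """Challenge name as in the TLS-SNI-01 draft: Z[0:32].Z[32:64].acme.invalid,
    where Z is the hex SHA-256 of the key authorization."""
    z = hashlib.sha256(key_authorization.encode()).hexdigest()
    return f"{z[:32]}.{z[32:]}.acme.invalid"


def proposed_name(key_authorization: str, domain: str) -> str:
    """Assumed alternative form from the thread: the same hash, but placed under
    _acme.<requested domain> so that a host can tell whose domain it belongs to."""
    z = hashlib.sha256(key_authorization.encode()).hexdigest()
    return f"{z[:32]}-{z[32:]}._acme.{domain}"


class SharedHost:
    """One IP, many customers; every customer may upload certs to be served by SNI."""

    def __init__(self, customers: dict, restrict_to_owned: bool):
        self.customers = customers            # customer -> set of domains they own
        self.restrict_to_owned = restrict_to_owned
        self.sni_table = {}                   # SNI name -> cert dict

    def _owned_by(self, customer: str, name: str) -> bool:
        return any(name == d or name.endswith("." + d) for d in self.customers[customer])

    def upload_cert(self, customer: str, cert: dict) -> bool:
        # Default behaviour of a generic shared host: any SAN is accepted.
        # With the assumed policy, every SAN must sit under a domain the customer
        # owns; a *.acme.invalid name belongs to nobody, so it is refused as well.
        if self.restrict_to_owned and not all(
            self._owned_by(customer, s) for s in cert["sans"]
        ):
            return False
        for s in cert["sans"]:
            self.sni_table[s] = cert
        return True

    def handshake(self, sni: str):
        """Return the cert selected purely by SNI, as a shared host does."""
        return self.sni_table.get(sni)


def validate(domain: str, name: str, dns: dict, hosts: dict) -> bool:
    """The CA side: resolve the domain, connect to that IP with SNI=name and
    accept if the presented cert carries name as a SAN. Self-signed is fine."""
    host = hosts.get(dns.get(domain))
    if host is None:
        return False
    cert = host.handshake(name)
    return cert is not None and name in cert["sans"]


def run(name_form: str, restrict_to_owned: bool, uploader: str = "mallory") -> dict:
    """alice owns victim.example, mallory owns attacker.example, both on one IP.
    `uploader` tries to pass a challenge for victim.example by uploading a
    self-signed cert that carries the challenge name."""
    dns = {"victim.example": "203.0.113.10", "attacker.example": "203.0.113.10"}
    host = SharedHost(
        {"alice": {"victim.example"}, "mallory": {"attacker.example"}},
        restrict_to_owned,
    )
    hosts = {"203.0.113.10": host}
    key_auth = "t0k3n.thumbprint"  # constructed key authorization for the order
    if name_form == "tls-sni-01":
        name = tls_sni_01_name(key_auth)
    else:
        name = proposed_name(key_auth, "victim.example")
    accepted = host.upload_cert(uploader, {"sans": [name], "self_signed": True})
    return {
        "upload_accepted": accepted,
        "victim_validated": validate("victim.example", name, dns, hosts),
    }


if __name__ == "__main__":
    print("TLS-SNI-01, plain shared host:  ", run("tls-sni-01", False))
    print("proposed name, plain host:      ", run("proposed", False))
    print("proposed name, ownership check: ", run("proposed", True))
    print("proposed name, real owner:      ", run("proposed", True, uploader="alice"))
```

The first run is the situation described in the message: the attacker's upload is accepted and the validator, which only ever sees an IP and an SNI name, issues for victim.example. The second run shows that changing the name form alone does nothing; only when the host can map the name to a customer's domain and refuses uploads for other customers' names does the attacker's attempt fail, while the real owner still passes.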
