Hi Matt, Thanks for your participation in the discussion. I think rare is just my personal habit of using ACME and I have never replace account key. But I agree with your point: Rare doesn't mean won't happen.
Regards. Bruce 在2025年5月16日星期五 UTC+8 08:05:36<Matt Palmer> 写道: > On Wed, May 14, 2025 at 08:57:12AM -0700, Xiaohui Lam wrote: > > Based on my experience, instances of ACME account key compromise are > > extremely rare. > > I don't know what you consider "rare", but I've cancelled hundreds[1] of > Let's Encrypt accounts whose private keys were publicly disclosed. As a > percentage of all LE accounts, perhaps it's not huge, but it's certainly > far > greater than the zero that would be needed to be able to claim that a > public key is a long-term stable identifier -- and that's before we > consider the need to periodically rotate keys (for whatever reason). > > > I also have full confidence in Cloudflare’s robust security > > operations capability - such account key compromises are highly unlikely > to > > occur internally at Cloudflare. > > Since the I-D is not applicable only to Cloudflare, this argument is not > particularly persuasive. > > > My suggestion is to draft the document to retain both the current account > > URI-generated suffix and add an account key-generated suffix. This would > > allow delegate operators (such as Cloudflare) to implement the optimal > > approach for their customers. > > I strongly disagree with this suggestion. Complexity is the enemy of > security, and flexibility has a nasty habit of coming back to cause > problems. > > - Matt > > [1] I don't keep a tally, but for a period of several years I was doing > one every couple of days -- sometimes multiple per day -- so "hundreds" > is not an unreasonable estimate. > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/3e9f4606-71d0-4d4f-84ee-c36b672e32b4n%40mozilla.org.
