Hi all, we have reached out a while ago about IP address staleness and domain takeover attacks, and a way to prevent certificate issuance in these cases (July 2017).
Since then, we have conducted some measurements on the practicality of the attacks. Furthermore, we wrote down our defense in a structured manner. The results of this will appear as a paper at the Network and Distributed Systems Symposium (NDSS) in February 2018. As you suggested when we approached the list earlier, we would love to contribute a RFC on it. However, based on that initial feedback, we were wondering how to move forward? Would you prefer an additional RFC for the proposed ACME challenge, or would you want to incorporate it into an existing RFC? If you are interested in reading the paper, please reach out. While we have not made the paper public yet, we are happy to share it privately here. Best, Kevin P.S. We plan to release the paper publicly early January. _______________________________________________ Acme mailing list Acme@ietf.org https://www.ietf.org/mailman/listinfo/acme
