On Aug 18, 2016, at 5:45 PM, Roland Bracewell Shoemaker <rol...@letsencrypt.org> wrote:
> On 08/18/2016 11:14 AM, Russ Housley wrote: >> In Berlin, I agreed to offer a few words about account key loss. Here >> it my initial suggestion. After the mail list makes improvements, I >> leave it to the document authors to find the right location in the >> document to place it. Somewhere in Section 6.2 or somewhere in >> Section 9 seems appropriate. >> >> Russ >> > > Is there much enthusiasm for including account recovery details in the > specification? The original token based recovery method was initially > removed as there were no planned implementers. On the Let's Encrypt side > our rational for this was that in the account of genuine key loss there > is nothing unique to that account, e.g. they can easily just create a > new account and re-create all of their authorizations. It is true they > loose the ability to revoke their previously issued certificates but in > the case of key loss, and not compromise, this doesn't really seem like > a problem. This is my understanding of the requested action. The process for recovering from the loss should not revoke the previous certificates until the new account setup proves that it has all of the appropriate accesses. If an attacker could get the account to be deleted and the current certificates revoked as the first step in a replacement process, then we have created a denial of service opportunity. Russ _______________________________________________ Acme mailing list Acme@ietf.org https://www.ietf.org/mailman/listinfo/acme
