On 23/12/14 20:50, Richard Barnes wrote:
On Tue, Dec 23, 2014 at 7:29 AM, Rob Stradling wrote:
    On 22/12/14 14:29, Richard Barnes wrote:

        Hey Rob,

        Thanks for this.  The HTTP one looks more or less as I would have
        expected.  We should probably tighten up the ACME one to look
        more like it.

        With regard to the DNS validation:
        1. Is there a reason you guys use CNAME instead of TXT?

    Hi Richard.  I don't recall any particularly good reason for why we
    chose to use CNAME instead of TXT.  I think it was just a case of
    sticking with what we knew would work and with what our customers
    were more likely to already be familiar with.

Hi Richard.

Instead of using either CNAME or TXT for DNS-based domain validation in ACME, wouldn't it make more sense to use and extend CAA (RFC 6844)?

<snip>
    IIUC, you're suggesting that there's a risk that Dreamhost might let
    you register a CNAME record for <md5>.dreamhosters.com that points to
    <sha1>.comodoca.com.
    A colleague just said to me: "most shared hosts (like Dreamhost)
    designate that subdomain you request for webhosting and that it's
    incredibly unlikely (read: near-impossible) to get them to change
    their DNS for that to point anywhere other than their shared hosting
    servers."

I can confirm that this is the case with Dreamhost, having just tried
the experiment.  Nonetheless, this seems like kind of a fragile
assumption, given that there do exist some less-clueful hosting providers.

--Richard

We're not aware of any less-clueful hosting providers who break our assumption, but I agree that the assumption is fragile given that there are such a huge number of webhosts across the world.

Let me just reiterate that this...

    BTW, the reason I came up with the idea of using CSR hashes was
    because we were trying to work around patented domain control methods
    that involve a CA-generated secret.

...was why we felt we had to make that fragile assumption.

If ACME can avoid making any fragile assumptions of this sort and can avoid infringing any patents, then I'll be happy. :-)

<snip>

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
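As an added illustration (not code from the thread, and not Comodo's own validator), this Python sketch shows the CA-side check the thread describes: the applicant publishes `<md5(CSR)>.<domain>` as a CNAME to `<sha1(CSR)>.comodoca.com`, and the CA resolves that name and compares. The CSR bytes, the zone contents and the `fake_lookup` resolver are constructed so it runs offline; the hex case of the labels is an assumption.

```python
import hashlib
from typing import Callable, Optional

# Constructed stand-in CSR bytes; a real validator hashes the DER-encoded CSR.
SAMPLE_CSR = b"-----CONSTRUCTED CSR FOR example.com-----"
OTHER_CSR = b"-----CONSTRUCTED CSR FROM ANOTHER PARTY-----"
CA_SUFFIX = "comodoca.com"  # target suffix named in the thread

def _dns_name(name: str) -> str:
    """Normalise a DNS name: lowercase, exactly one trailing dot."""
    return name.strip().lower().rstrip(".") + "."

def expected_records(csr: bytes, domain: str) -> tuple[str, str]:
    """Owner and target of the CSR-hash CNAME described in the thread:
    <md5(csr)>.<domain>  CNAME  <sha1(csr)>.comodoca.com
    (lowercase hex is an assumption; DNS names compare case-insensitively).
    """
    owner = f"{hashlib.md5(csr).hexdigest()}.{domain}"
    target = f"{hashlib.sha1(csr).hexdigest()}.{CA_SUFFIX}"
    return _dns_name(owner), _dns_name(target)

def validate_cname(csr: bytes, domain: str,
                   lookup_cname: Callable[[str], Optional[str]]) -> tuple[bool, str]:
    """CA-side check; lookup_cname(owner) returns the CNAME target or None.
    A pass only shows that whoever controls the <md5>.<domain> label cooperated;
    if a hosting provider hands such labels to customers (the concern raised in
    the thread) that is not proof of control over <domain> itself.
    """
    owner, want = expected_records(csr, domain)
    got = lookup_cname(owner)
    if got is None:
        return False, f"no CNAME at {owner}"
    if _dns_name(got) != want:
        return False, f"CNAME at {owner} points to {got}, expected {want}"
    return True, "ok"

# Constructed zone data in place of a live resolver, so the check runs offline.
_owner_ok, _target_ok = expected_records(SAMPLE_CSR, "example.com")
_owner_other, _ = expected_records(OTHER_CSR, "example.com")
FAKE_ZONE = {
    _owner_ok: _target_ok.rstrip(".").upper(),  # correct record, unusual case
    _owner_other: _target_ok,  # owner label from one CSR, target from another
}

def fake_lookup(name: str) -> Optional[str]:
    return FAKE_ZONE.get(_dns_name(name))

# validate_cname(SAMPLE_CSR, "example.com", fake_lookup)   -> (True, 'ok')
# validate_cname(SAMPLE_CSR, "other.example", fake_lookup) -> (False, 'no CNAME at ...')
```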

_______________________________________________
Acme mailing list
https://www.ietf.org/mailman/listinfo/acme