*push* 2015-11-13 16:35 GMT+01:00 Niklas Keller <[email protected]>:
> This is a followup on "ACME vulnerabilities in SimpleHTTP and DVSNI due to > common webservers' default virtual host semantics", since I don't have that > mail in my archive (was not subscribed to the list back then), I can't > respond directly to that thread. (Stupid mailing lists.) > > Could someone explain the exact vulnerability? Since those challenge > payloads are bound to a specific domain, I don't see the problem. > Additionally, I don't see why it's a problem with HTTPS, why is it > mitigated by switching to HTTP? HTTP via port 80 has just the same > semantics for default hosts as HTTPS via 443 has. > > Regards, Niklas >
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
