No, not this case. The user must post the token with the right email and certificate to the server. What I mean is that the StartCom system will send the token to the customer's email account, but if this email account info is stolen by a hacker, then it can be used to access this token's subscriber's account. My suggestion is to limit this token's expiration time; is there any good solution for this issue?
Regards, Andy

> On 19 Aug 2016, at 20:36, Karthikeyan Bhargavan <[email protected]> wrote:
>
> Could you clarify the security goal of the external secret?
> Is it meant to be the *only* authentication client an ACME client
> needs to present in order to take over some user’s existing StartCom account?
>
> In that case, this is subject to the same security considerations as account recovery,
> and potentially offers significantly lower security than other ACME mechanisms.
>
> Best,
> Karthik
>
>> On 19 Aug 2016, at 07:26, Andy Ligg <[email protected]> wrote:
>>
>> We checked the draft; the external_secret (optional, string)
>> description is the same as Contact.
>>
>> Another issue we think about is how to guarantee this token's security; we plan to
>> limit this token so that it will expire in a short time. Please advise,
>> thanks.
>>
>> Regards,
>>
>> Andy
>>
>>> On 18 Aug 2016, at 08:58, Jacob Hoffman-Andrews <[email protected]> wrote:
>>>
>>> Here's one version of what it might look like to add the token Andy
>>> proposed:
>>>
>>> https://github.com/ietf-wg-acme/acme/pull/172
>>>
>>> Let me know what you think!
>>
>> _______________________________________________
>> Acme mailing list
>> [email protected]
>> https://www.ietf.org/mailman/listinfo/acme
