I find these objections pretty persuasive. Inclined to WONTFIX. On Sat, Dec 3, 2016 at 7:35 AM, Patrick Figel <[email protected]> wrote:
> I wrote together some thoughts on this proposal here[1]. In short, I think > it's > vulnerable to the default vhost attack that caused simpleHTTP to be > dropped, and > it's not compatible with the "Agreed-Upon Change to Website" method > described > in the BRs, which would prevent adoption by any publicly-trusted CA. > > The proposed workaround for this issue[2] would make this a variant of > tls-sni, > AIUI, which already has these pseudo-hostnames, so I think we're down to > "allow > other ports" here, and I believe there's consensus against this. > > Patrick > > [1]: https://mailarchive.ietf.org/arch/msg/acme/ > QiXu84RJtURfGVVEYfSpRdtcU5o > [2]: https://mailarchive.ietf.org/arch/msg/acme/ > NFKJ5sqBePGlJglKRwodc5m4ZEo > > On Sat, Dec 3, 2016 at 3:18 AM, Salz, Rich <[email protected]> wrote: > > With the couple of recent pull requests, the document editors are about > to > > close all but on issue, #215. > > > > > > > > Does the WG have any feelings on this? Is it something we need to > address > > NOW, or can we add a new type of challenge later on if there’s interest? > > > > > > > > Please reply on-list by earl next week. > > > > > > > > -- > > > > Senior Architect, Akamai Technologies > > > > Member, OpenSSL Dev Team > > > > IM: [email protected] Twitter: RichSalz > > > > > > > > > > _______________________________________________ > > Acme mailing list > > [email protected] > > https://www.ietf.org/mailman/listinfo/acme > > > > _______________________________________________ > Acme mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/acme >
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
