Speaking on behalf of Let's Encrypt, we wouldn't be supportive of the change outlined in #215. We share Patrick's concerns about servers with default vhosts.

On Sat, Dec 3, 2016 at 5:42 PM, Richard Barnes <[email protected]> wrote:

> I find these objections pretty persuasive. Inclined to WONTFIX.
>
> On Sat, Dec 3, 2016 at 7:35 AM, Patrick Figel <[email protected]> wrote:
>
>> I wrote together some thoughts on this proposal here[1]. In short, I think it's
>> vulnerable to the default vhost attack that caused simpleHTTP to be dropped, and
>> it's not compatible with the "Agreed-Upon Change to Website" method described
>> in the BRs, which would prevent adoption by any publicly-trusted CA.
>>
>> The proposed workaround for this issue[2] would make this a variant of tls-sni,
>> AIUI, which already has these pseudo-hostnames, so I think we're down to "allow
>> other ports" here, and I believe there's consensus against this.
>>
>> Patrick
>>
>> [1]: https://mailarchive.ietf.org/arch/msg/acme/QiXu84RJtURfGVVEYfSpRdtcU5o
>> [2]: https://mailarchive.ietf.org/arch/msg/acme/NFKJ5sqBePGlJglKRwodc5m4ZEo
>>
>> On Sat, Dec 3, 2016 at 3:18 AM, Salz, Rich <[email protected]> wrote:
>> > With the couple of recent pull requests, the document editors are about to
>> > close all but one issue, #215.
>> >
>> > Does the WG have any feelings on this? Is it something we need to address
>> > NOW, or can we add a new type of challenge later on if there’s interest?
>> >
>> > Please reply on-list by early next week.
>> >
>> > --
>> > Senior Architect, Akamai Technologies
>> > Member, OpenSSL Dev Team
>> > IM: [email protected] Twitter: RichSalz

_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
