How would people feel about adding some language to the account key roll-over section that says that any cached (already valid) authorizations for identifiers should be deactivated on roll-over? This would reduce the risk of an attacker gaining control of an account and all associated authorizations in such a way that the original user could not revoke the authorizations themselves.
The original user would still be able to revoke any certificates containing identifiers for these authorizations themselves (by creating new authorizations for the identifiers in the certificate), but an attacker could simply add a single new identifier which the original user does not have control over to prevent this with the current design.

-- 
Roland Bracewell Shoemaker
Software Engineer
Linux Foundation / Internet Security Research Group

_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
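The scenario in the message, as an added worked model that is not part of the original post and not code from Boulder or any other ACME implementation: a toy server keeps accounts, per-identifier authorizations and issued certificates, and can be run under either roll-over policy. All names (`Server`, `scenario`, the account ids, the `example.com` / `attacker.example` identifiers and the `*-key-*` strings) are constructed for the example. Challenge validation is reduced to "the requester controls the identifier", which is the property a real challenge is meant to establish.

```python
"""Toy ACME account/authorization state machine (constructed illustration).

Compares two key roll-over policies:
  - keep cached authorizations (the design the message calls "current")
  - deactivate every valid authorization on roll-over (the proposal)
"""
from dataclasses import dataclass, field


@dataclass
class Account:
    key: str
    # identifier -> "valid" or "deactivated"
    authz: dict = field(default_factory=dict)


class Server:
    def __init__(self, deactivate_on_rollover: bool):
        self.deactivate_on_rollover = deactivate_on_rollover
        self.accounts = {}   # account id -> Account
        self.certs = []      # (serial, frozenset of identifiers)

    def _auth(self, acct_id, key):
        acct = self.accounts[acct_id]
        if acct.key != key:
            raise PermissionError("request not signed by the current account key")
        return acct

    def new_account(self, acct_id, key):
        self.accounts[acct_id] = Account(key=key)

    def validate(self, acct_id, key, identifier, controlled):
        """Stand-in for completing a challenge: succeeds only if the
        requester really controls the identifier (the `controlled` set)."""
        acct = self._auth(acct_id, key)
        if identifier not in controlled:
            return False
        acct.authz[identifier] = "valid"
        return True

    def rollover(self, acct_id, old_key, new_key):
        acct = self._auth(acct_id, old_key)
        acct.key = new_key
        if self.deactivate_on_rollover:
            # The proposal: cached authorizations do not survive a key change.
            for ident in acct.authz:
                acct.authz[ident] = "deactivated"

    def issue(self, acct_id, key, identifiers):
        acct = self._auth(acct_id, key)
        if not all(acct.authz.get(i) == "valid" for i in identifiers):
            return None
        cert = (len(self.certs), frozenset(identifiers))
        self.certs.append(cert)
        return cert


def scenario(deactivate_on_rollover):
    """Attacker who has obtained the victim's account key rolls it over and
    tries to issue for a victim identifier plus one only the attacker controls."""
    s = Server(deactivate_on_rollover)
    victim_controls = {"example.com", "www.example.com"}
    s.new_account("victim", "victim-key-1")
    for ident in victim_controls:
        s.validate("victim", "victim-key-1", ident, victim_controls)

    # Attacker takes over the account; the victim's old key stops working.
    s.rollover("victim", "victim-key-1", "attacker-key")
    attacker_controls = {"attacker.example"}
    s.validate("victim", "attacker-key", "attacker.example", attacker_controls)
    cert = s.issue("victim", "attacker-key", {"example.com", "attacker.example"})
    if cert is None:
        return {"issued": False, "victim_can_revoke": None}

    # Victim cannot use the hijacked account; revocation by demonstrating
    # control must re-validate every identifier in the certificate.
    s.new_account("victim-new", "victim-key-2")
    can_revoke = all(
        s.validate("victim-new", "victim-key-2", ident, victim_controls)
        for ident in cert[1]
    )
    return {"issued": True, "victim_can_revoke": can_revoke}


if __name__ == "__main__":
    print("keep authz on rollover:      ", scenario(False))
    print("deactivate authz on rollover:", scenario(True))
```

Under the "keep" policy the attacker issues immediately from the cached `example.com` authorization and the added `attacker.example` identifier blocks the victim's control-based revocation; under the "deactivate" policy issuance fails because the attacker cannot re-validate `example.com`.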
