As you might recall, back in Sepember 2015, default-vhost attack was found against DNSVI validation method. This attack required implicit default vhost together with capability to upload certificates.
It looked like TLS-SNI-01 worked around this by adding iterations and requiring provisioning multiple certificates. But TLS-SNI-02 doesn't contain anything similar, and it would seem like it would be vulernable if attacker controns the default vhost certificate. Was it decided that no host is bad enough to allow both the implicit-default-vhost and uploading own certificates without checking? One checking workaround would be to send a request for made-up challenge, check that it results either unrecognized_name alert or certificate that doesn't solve the original challenge and then check the original challenge again. Note that some systems might generate the certificates in the fly, so the two requests for the real challenge might not give the same certificate (even if bulk answering is not possible in TLS-SNI-02). -Ilari _______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
