> 4. Root certificate does not appear in the chain but it's expected
> that clients already know it. E.g. look in /etc/ssl/certs/.
>
> Rationale is that the client shouldn't blindly trust that the chain
> received by the acme server is valid.

See my other reply. But to respond to this specifically, can you explain what threat model is mitigated by distrusting the chain served by the ACME server?
So far in my client I've explicitly avoided doing any actual trust-anchor-based validation of the returned chain, and it's unclear to me what the value of it would be for the complexity (and reliance on system trust stores and their potential variability) it introduces.
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
