> > Are you worried about a MitM causing the real CA to issue a certificate to the MitM? That risk is already addressed in ACME, but using *client* authentication, not server authentication -- what matters is the client from which the server accepts domain proof and a CSR, not what server the client thinks it's talking to.
>
> I am concerned about MitM issuing the certificate to the client.
I am confused. You are worried about an attacker “intercepting” the ACME connection and issuing a certificate to the client? It is not necessary to add more “protection” at the TLS layer to protect against this. The client can verify the signed certificate, and CA chain, that comes back. DANE is not widely used, and it seems like a mistake to require it for ACME.
_______________________________________________
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme
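The check the reply describes, written out as an added example (it is not code from this thread, from the ACME specification, or from any ACME client): the client accepts a returned certificate only if it chains to a CA root the client already holds and carries the public key from the client's own CSR, regardless of what TLS channel delivered it. It assumes only the `openssl` command-line tool; the CA roots, the "MitM" CA, the CSRs and the certificates are all constructed inside the script, and the function and file names are the example's own.

```shell
#!/bin/sh
# Added example, not from the ACME thread or any ACME implementation.
# Assumes the `openssl` CLI. Everything below is generated in a throwaway
# directory: a root the client trusts, a MitM's own CA, the client's CSR,
# and a CSR for a key the client does not hold.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

newkey_csr() {   # newkey_csr NAME SUBJECT -> NAME.key, NAME.csr
    openssl req -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
        -subj "$2" 2>/dev/null
}
newca() {        # newca NAME SUBJECT -> self-signed NAME.key, NAME.pem
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.pem" \
        -days 2 -subj "$2" 2>/dev/null
}
issue() {        # issue CSR CANAME OUT -> certificate OUT signed by CANAME
    openssl x509 -req -in "$1" -CA "$2.pem" -CAkey "$2.key" -CAcreateserial \
        -days 1 -out "$3" 2>/dev/null
}

# check_issued_cert CERT CSR CAFILE
# Exit 0: accept. 1: CERT does not chain to a root in CAFILE.
# 2: it chains, but the certified key is not the one in our CSR.
check_issued_cert() {
    openssl verify -CAfile "$3" "$1" >/dev/null 2>&1 || return 1
    cert_pub=$(openssl x509 -in "$1" -pubkey -noout)
    csr_pub=$(openssl req -in "$2" -pubkey -noout)
    [ "$cert_pub" = "$csr_pub" ] || return 2
}

# Constructed scenario.
newca trusted "/CN=Trusted ACME Root"
newca mitm "/CN=MitM CA"
newkey_csr client "/CN=example.com"
newkey_csr other "/CN=example.com"

issue client.csr trusted good.pem      # what the real CA returns
issue client.csr mitm forged.pem       # what an interceptor can sign itself
issue other.csr trusted swapped.pem    # trusted CA, but someone else's key

for f in good.pem forged.pem swapped.pem; do
    if check_issued_cert "$f" client.csr trusted.pem; then
        echo "$f: accepted"
    else
        echo "$f: rejected (reason $?)"
    fi
done
```

Only `good.pem` passes: the forged certificate fails the chain check because the client never trusted the MitM's root, and the key-swapped one fails because the certificate does not certify the key the client generated. A real client would also confirm that the identifiers in the certificate are the ones it ordered, which `openssl verify -verify_hostname` can do where that option is available.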