* > I am not trying to raise an issue

  Yes, that is exactly what you are doing. Raising an issue for discussion. It’s just the terminology we use.
* > Acme server is CA server and shouldn't need a root store to be validated or trusted, that root store can be easily manipulated even by a software, even without local manipulation the MitM can issue a certificate to the client by simply hijacking the connection and having certificate issued by trusted CA, and the client will validate and trust that certificate.

  I thought you were concerned about clients being attacked by MiTM? At any rate, you didn’t waste anyone’s time. Open discussion is the purpose.
_______________________________________________
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme