_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
Reading it again, I'm no longer sure we can say the account label isn't
for security purposes: the entire point of this challenge is those
account-specific hostnames CNAMEd to some delegated DNS server for ACME
purposes (like https://github.com/joohoi/acme-dns). And when clients are
using a 3rd-party DNS hosting service for that, the most trivial attack method
from the delegated DNS server for such a DNS server would be trying to create
an account that uses the same validation domain. While I think the
current way is safe enough, as it needs creating more than 2^40 accounts
to expect some collision, I don't think we can say it's non-security,
and we should mention that this label needs some collision resistance.
- [Acme] Can we say dns-account-01 challenge's account label isn'... Seo Suchan
