On Nov 2, 2025, at 13:34, Erik Nygren <[email protected]> wrote:
>
> Paul Wouters proposed that we drop the 4086 reference and instead say:
>
> "When Random Tokens are used, they MUST be constructed in a way that provides
> sufficient unpredictability to avoid collisions and brute force attacks."
>
> This is in addition to the text "Application Service Providers MUST evaluate
> the threat model for their particular application to determine a token
> construction mechanism that guarantees uniqueness and meets their security
> requirements."
>
> Does that cover your concerns?

No. From my previous message:

Either you have to describe the attack before you describe how to mitigate the attack with cryptographically strong keys, or you need to remove the un-supported mitigation. I propose you do the latter because the rest of the draft works just fine with on-path attackers for everyone other than those who need cryptographically strong keys (namely certificate authorities).

Said another way, if this draft is really about domain control validation for everyone, and only CAs care about that attack, don't even list it. It is safe to assume that any CA doing ACME understands the issue.

> It's not just CAs who have security requirements around DCV. As an example,
> SaaS providers using it to link the enrollment of domains to customer
> accounts may care heavily around security, but the details of their threat
> model will be specific to their application.

If SaaS providers are like CAs and worry about on-path attackers, then you should describe that attack and show its mitigation.

--Paul Hoffman
