Hello list,
On 07.12.2015 01:32, Manger, James wrote:
>>> Ideally, it [Let's Encrypt] would use the IP of the requester
>>> (of course only after it has verified that the IP is in the
>>> DNS) or allow the requester to specify a preferred IP.
>
In working to implement LetsEncrypt at Bitly, I uncovered an issue
with the tls-sni-01 validation that limits its trustworthiness in
validation.
Issue:
The tls-sni-01 validation is intended to prove control over a domain
name. The challenge relies on presenting a
On 22 January 2016 at 13:38, Jehiah Czebotar wrote:
> 1) Change the requirement that the self signed cert have one DNSName,
> and require the response to have TWO DNS names. One that matches the
> requested hostname, and a second that is secret which proves it can
> only be