On Sat, May 14, 2016 at 11:02 AM, Vladimir Dubrovin <[email protected]> wrote:
> 1. Alice makes certificate request for mx1.example.org to any public CA
> choosing [email protected] as a validation address
> Because Bob does not expect any mail to be received for
> @mx1.example.org, he has no separate STS policy for this domain. 'A'
> record is enough to receive mail for @mx1.example.org.
> 2. Alice hijacks validation e-mail for [email protected] and
> confirms certificate. Now she has valid certificate for mx1.example.org
> 3. Now, Alice can intercept any mail for example.org despite STS
>

Interesting point. I think you're right that this would work for many (most? all?) CAs that do email-based domain ownership validation. Whether this is within the scope of what STS should address (in that we generally are assuming CA certs are trustworthy) I am not sure. And domain walking (as Viktor said) seems a bit crude to me, after all.
