 |
Post AqjdC1U4aG9vPla1ZI by [email protected] |
 |
More posts by [email protected] |
|
Post #AqingKyrSuIuxA7BWC by [email protected] |
|
0 likes, 2 repeats |
|
|
|
DRAFT Release: Don't share yet. Please comment and review :> https://has… |
|
|
|
Post #AqjcbsQilkumuPmCiO by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@joern Thank you for your feedback. I've added your link and made it more c… |
|
|
|
Post #AqjdC1Kr8WmoxBGfCa by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@thc This is solved with ACME-CAA (#RFC8657), not that people use ACME-CAA, but… |
|
|
|
Post #AqjdC1U4aG9vPla1ZI by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@n Thank you for your feedback. Thank you for the RFC-8657 note. I have not rea… |
|
|
|
Post #AqjdTRbWirq3LdNE80 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@thc What I don't get: In section 3 you write "No, we wont fix this wi… |
|
|
|
Post #AqjdTRjgEYMPkvBjpw by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@christopherkunz thank you for your feedback. I've now changed this to make… |
|
|
|
Post #AqjdeM15pzxNCgXBpY by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@thc you nailed it with „no surprise here“. ¯_(ツ)_/¯ |
|
|
|
Post #AqjdeM9bKMlJd4Vz5k by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@thc I mean the ACME RFC states it alreadyAn active attacker on the validation … |
|
|
|
Post #AqjdeMJsi8zA8xKC7E by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@joern @thc I came here to say this. There’s a good chunk of truth in your ar… |
|
|
|
Post #AqjdeMUA5vD0eq8P8i by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@freddy @joern thank you for your feedback. Toned down and added "ACME&quo… |
|
|
|
Post #AqjfeiNKuMtcSMEouu by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@joern @thc Regarding the proposed changes: 1. CT already has a bandwidth/stora… |
|
|
|
Post #AqjfeiXGJSpsx8skO8 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@joern @thc I also found a couple of minor typos. Link me to a file and I can s… |
|
|
|
Post #Aqjfeig7mVvPOd1pCa by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@joern @thc Wait, I am slowly waking up 🥴.. How does CAA actually help thoug… |
|
|
|
Post #AqjfeinZKpsbliVlo0 by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@freddy @joern uhh. err. yes, you are correct. I made this clear now in the art… |
|
|
|
Post #AqkXitppdebsgH0kYy by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@thcQuestion, why isn't dns-01 mentioned? It's not clear if let's … |
|
|
|
Post #Aqkr4ktXSOPCS9scts by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@encthenet thank you for your comments. I don’t think the article says “all… |
|
|
|
Post #AqmDdodDwoGEKOKeUy by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@thc @freddy @joern CAs have to perform one of the methods described in the CA/… |
|
|
|
Post #AqmDdooDHx3EsTTQcy by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@antonis @freddy @joern I can see the challenge with “new very only if you kn… |
|
|
|
Post #AqmEq0KqMMnW3T6vUO by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@thc @freddy @joern Correct, there are 3 things here to note:1) Downgrade attac… |
|
|
|
Post #AqmEq0TLqjbSTr5ika by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@thc @freddy @joern This latter part is a problem as there's also no DNSSEC… |
|
|
|
Post #AqmEq0cDJmgyvLEnZ2 by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@antonis @freddy @joern from an attacker it is harder (often impossible) to int… |
|
|
|
Post #AqmF76JlMzlbX4l1yC by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@antonis @freddy @joern “most domains have DNS and WWW on the same IP”? I d… |
|
|
|
Post #AqmOMkekZdFWZU6zTs by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@thc @freddy @joern Exactly, and that's the spirit. Try to protect as many … |
|
|
|
Post #AqmOMkoK02uD3AadOq by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@antonis @freddy @joern 100% agree. ACME-HTTP-01 stops Eve but not Malory. And … |
|
|
|
Post #AqmbgsP8m4n5nWjlGi by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@thcYeah, it doesn't say all certs, but there are statements that heavily i… |
|
|
|
Post #Aqnrj05Yy6USdMZgC8 by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@encthenet thanks for the feedback. I’ve changed ACME to ACME-HTTP-01. Furthe… |
