Changes between Initial Version and Version 1 of Ticket #419, comment 17


Ignore:
Timestamp:
Jan 10, 2018, 11:32:36 AM (7 years ago)
Author:
andersk
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #419, comment 17

    initial v1  
    1 In light of today’s news from Let’s Encrypt, we should make sure not to make ourselves vulnerable to [https://community.letsencrypt.org/t/2018-01-09-issue-with-tls-sni-01-and-shared-hosting-infrastructure/49996 this attack on ACME TLS-SNI-01 verification]: users must not be able to upload certificates for domains that we haven’t validated are under their control.
     1In light of today’s news from Let’s Encrypt, we should make sure not to make ourselves vulnerable to [https://community.letsencrypt.org/t/2018-01-09-issue-with-tls-sni-01-and-shared-hosting-infrastructure/49996 this attack on ACME TLS-SNI-01 verification]: users must not be able to upload certificates including a CN or subjectAltName for a domain that we haven’t validated is under their control.