Changes between Initial Version and Version 1 of Ticket #419, comment 17
- Timestamp:
- Jan 10, 2018, 11:32:36 AM (7 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #419, comment 17
initial v1 1 In light of today’s news from Let’s Encrypt, we should make sure not to make ourselves vulnerable to [https://community.letsencrypt.org/t/2018-01-09-issue-with-tls-sni-01-and-shared-hosting-infrastructure/49996 this attack on ACME TLS-SNI-01 verification]: users must not be able to upload certificates for domains that we haven’t validated areunder their control.1 In light of today’s news from Let’s Encrypt, we should make sure not to make ourselves vulnerable to [https://community.letsencrypt.org/t/2018-01-09-issue-with-tls-sni-01-and-shared-hosting-infrastructure/49996 this attack on ACME TLS-SNI-01 verification]: users must not be able to upload certificates including a CN or subjectAltName for a domain that we haven’t validated is under their control.