Implement a proper Proof of Possession system (PoP) and make Let's Encrypt opt-in instead of opt-out.
Given that in the end, Let's Encrypt/ACME relies on PoP of a DNS domain, DNSSEC setup on the domain should have been a prerequisite.
In addition, an explicit opt-in should be required, for example, with a requirement for a CAA record pointing to LE.
---
As a side note, this whole situation leaves me with a really weird feeling.
On one end, I will always be grateful for LE enabling tls/https generalization.
On the other, I kind of feel betrayed and/or ashamed that LE/ACME almost willingly introduced protocol flaws weakening the whole CA infrastructure and that we (me included) didn't challenge it more when LE was introduced.
If they used DNS validation it would be better because there would be only one point of failure (DNS) rather than many (DNS and every ISP between CA and a site).
Everyone needs to opt-in to use more secure methods and by default non-secure validation methods, which allow easy issuing fake certificates, are allowed. This is wrong.
Implement a proper Proof of Possession system (PoP) and make Let's Encrypt opt-in instead of opt-out.
Given that in the end, Let's Encrypt/ACME relies on PoP of a DNS domain, DNSSEC setup on the domain should have been a prerequisite.
In addition, an explicit opt-in should be required, for example, with a requirement for a CAA record pointing to LE.
---
As a side note, this whole situation leaves me with a really weird feeling.
On one end, I will always be grateful for LE enabling tls/https generalization.
On the other, I kind of feel betrayed and/or ashamed that LE/ACME almost willingly introduced protocol flaws weakening the whole CA infrastructure and that we (me included) didn't challenge it more when LE was introduced.
If they used DNS validation it would be better because there would be only one point of failure (DNS) rather than many (DNS and every ISP between CA and a site).
The thread above (https://news.ycombinator.com/item?id=37958831) elaborates on how to force DNS validation and/or how to tie your private key with Let's Encrypt via DNS.
Everyone needs to opt-in to use more secure methods and by default non-secure validation methods, which allow easy issuing fake certificates, are allowed. This is wrong.
3 replies →
And DNS does not traverse several ISPs?