Comment by KairuByte
3 years ago
Because the attacker can simply request new keys. There’s nothing stopping them from going “hey LE, I need a new key! This is my domain, here is the challenge, give me my cert!” And LE will oblige, because as far as it can tell, they are you.
Edit: To be clear, this is a problem with a solution. But you asked why simply throwing a LE cert into the mix wouldn’t prevent the issue.
Ownership is already handled by checking DNS (and this thread covers a way to make that even more secure, which LE supports), and as far as I can tell neither has nothing to do with preventing MITM between LE and your servers.
And no, I don't mean throwing LE certs around to prevent MITM - this whole article is about the difficulties before having an LE cert, so that's necessarily excluded.
I'm wondering "why not client certificates". They're a well established way to stop MITM, seems like a simple choice for the ownership validation step.
Have you ever tried to explain key distribution/management to a normal person?
You should try it sometime.
Sure, but this is not particularly relevant when talking about a security product that you use to do key distribution and management (LetsEncrypt).
Explaining and guiding people through that is the whole point.