Re: [Acme] Want client-defined callback port

[Viktor Dukhovni <ietf-dane@dukhovni.org>]

On Tue, Apr 21, 2015 at 07:53:25PM -0700, Bruce Gaya wrote:

> The policy of Let's Encrypt Certificate Authority, however, is
> very important!   I also would very much like that CA to allow
> client-defined callback ports below 1024.

That level of diligence would finally expose the security of
certificate issuance for the charade that it is.  If the LE CA
adopted this policy, I would expect its certificates to be worth
exactly the price charged for them.  Relying parties should not
trust such a CA.

Of course relying parties should also not trust certificates based
on many of the other types of "it just works" issuance practices.
For example, certificates issued on the basis of the ability to
respond to an insecure email sent to an "admin" mailbox at the
domain, etc.

However much we pretend otherwise, the only party in position to
make a low (near zero) cost assurance that a particular owner
legitimately controls a given domain is the domain registrar.

The domain owner can attempt to demonstrate such control by injecting
"cookie" records into the DNS, but such demonstrations are subject
to MiTM attacks on the DV certificate issuing CA.

So in my view DV certificates are largely worthless (not significantly
better than unauthenticated TLS, and are used only because HTTPS
insists on an often meaningless CA signature).  The fact that LE
helps to bring the cost, including deployment costs, of meaningless
certificates to $0 is I guess progress.

-- 
	Viktor.