Re: [Acme] Signature misuse vulnerability in draft-barnes-acme-04

Rob Stradling <rob.stradling@comodo.com> Thu, 13 August 2015 09:40 UTC

Return-Path: <rob.stradling@comodo.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7382B1B37DF for <acme@ietfa.amsl.com>; Thu, 13 Aug 2015 02:40:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.279
X-Spam-Level:
X-Spam-Status: No, score=-3.279 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_MISMATCH_NET=0.611, HOST_MISMATCH_COM=0.311, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aprc6W45E222 for <acme@ietfa.amsl.com>; Thu, 13 Aug 2015 02:40:54 -0700 (PDT)
Received: from mmextmx2.mcr.colo.comodoca.net (mail1.comodoca.com [91.209.196.72]) by ietfa.amsl.com (Postfix) with ESMTP id 4842A1B37E7 for <acme@ietf.org>; Thu, 13 Aug 2015 02:40:53 -0700 (PDT)
Received: (qmail 27322 invoked by uid 1004); 13 Aug 2015 09:40:52 -0000
Received: from ian.brad.office.comodo.net (HELO ian.brad.office.comodo.net) (192.168.0.202) by mmextmx2.mcr.colo.comodoca.net (qpsmtpd/0.84) with ESMTP; Thu, 13 Aug 2015 10:40:52 +0100
Received: (qmail 10203 invoked by uid 1000); 13 Aug 2015 09:40:51 -0000
Received: from and0004.comodo.net (HELO [192.168.0.58]) (192.168.0.58) (smtp-auth username rob, mechanism plain) by ian.brad.office.comodo.net (qpsmtpd/0.40) with (AES128-SHA encrypted) ESMTPSA; Thu, 13 Aug 2015 10:40:51 +0100
To: yan <yan@eff.org>, Andrew Ayer <agwa@andrewayer.name>, Richard Barnes <rlb@ipv.sx>
References: <20150811085205.bbcd37b3b0bb0482f6522b1a@andrewayer.name><CAL02cgRf2M0Gkqymif-=rmNG0v9hhaMC2SBiXf-n5aYiRKBnmQ@mail.gmail.com><55CBB2D8.2080504@eff.org><20150812161617.c777cb5bff60681afa43bedb@andrewayer.name> <55CBF9AD.4040401@eff.org>
From: Rob Stradling <rob.stradling@comodo.com>
Message-ID: <55CC6623.9080704@comodo.com>
Date: Thu, 13 Aug 2015 10:40:51 +0100
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:38.0) Gecko/20100101 Thunderbird/38.1.0
MIME-Version: 1.0
In-Reply-To: <55CBF9AD.4040401@eff.org>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/6zSUGYwrIOWtd9owBz79rEBBiBk>
Cc: "acme@ietf.org" <acme@ietf.org>
Subject: Re: [Acme] Signature misuse vulnerability in draft-barnes-acme-04
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Aug 2015 09:40:57 -0000

On 13/08/15 02:58, yan wrote:
<snip>
> I see James is already fixing this:
> https://github.com/letsencrypt/acme-spec/pull/217/files.

Shouldn't that work be happening at...

https://github.com/ietf-wg-acme/acme

...now?

-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online