by silisili
1140 days ago
I'm not well versed in ACME but in DNS, unfortunately. Yes, it would have the same issue if it works as described. I've read a whitepaper on the subject I described and the time to poison cache goes way, way down. Basically, anyone could pull it off. I think a solution here in the validation space is just avoiding the caching server altogether. If the validating server does something like dig +trace, it avoids this problem, especially if it prefers TCP.
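What the cache-bypassing lookup suggested in this comment can look like, as an added example that is not part of the comment or of any ACME implementation: it walks referrals down from a root server with non-recursive queries sent over TCP and checks each reply's ID against the query. The function names, the `send` hook and the restriction to referrals that carry IPv4 glue are assumptions of this example; it also does not compare record owner names.

```python
import secrets, socket, struct
ROOT = "198.41.0.4"  # a.root-servers.net

def build_query(name, qtype):
    """Non-recursive query (RD=0) with an unpredictable ID; returns (id, message)."""
    txid = secrets.randbits(16)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split("."))
    return txid, struct.pack(">6H", txid, 0, 1, 0, 0, 0) + qname + b"\0" + struct.pack(">2H", qtype, 1)

def tcp_send(server, msg):
    """DNS over TCP: every message is preceded by its 2-byte length."""
    with socket.create_connection((server, 53), timeout=5) as s:
        s.sendall(struct.pack(">H", len(msg)) + msg)
        f = s.makefile("rb")
        return f.read(struct.unpack(">H", f.read(2))[0])

def skip_name(msg, off):
    """A name is a run of labels ended by a 0 byte or a 2-byte compression pointer."""
    while msg[off] and msg[off] < 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse(msg):
    """Returns (id, flags, [(section, type, rdata)]); 0=answer, 1=authority, 2=additional."""
    txid, flags, qd, *counts = struct.unpack(">6H", msg[:12])
    off, rrs = 12, []
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    for section, count in enumerate(counts):
        for _ in range(count):
            off = skip_name(msg, off)
            rtype, rdlen = struct.unpack(">H6xH", msg[off:off + 10])
            rrs.append((section, rtype, msg[off + 10:off + 10 + rdlen]))
            off += 10 + rdlen
    return txid, flags, rrs

def trace(name, qtype=16, send=tcp_send, server=ROOT):
    """Follow referrals down from the root; returns (authoritative server, answer rdata)."""
    for _ in range(12):
        txid, query = build_query(name, qtype)
        rid, flags, rrs = parse(send(server, query))
        if rid != txid or not flags & 0x8000:
            raise ValueError("reply does not match the query")
        if flags & 0x0400:  # AA set: this server is authoritative for the name
            return server, [rd for sec, t, rd in rrs if sec == 0 and t == qtype]
        glue = [rd for sec, t, rd in rrs if sec == 2 and t == 1 and len(rd) == 4]
        if not glue:
            raise LookupError("referral without IPv4 glue")
        server = socket.inet_ntoa(glue[0])
    raise LookupError("too many referrals")
```

With the default `send`, `trace` performs real queries; the returned list holds raw TXT rdata (type 16), each string preceded by its length byte.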