
Duplicate Signature Key Selection Attack in Let's Encrypt - kkl
https://www.agwa.name/blog/post/duplicate_signature_key_selection_attack_in_lets_encrypt
======
niksmac
Fortunately, it was mitigated before Let's Encrypt was publicly trusted.
[http://www.ietf.org/mail-archive/web/acme/current/msg00611.html](http://www.ietf.org/mail-archive/web/acme/current/msg00611.html)

------
jmhodges
To be clear, the challenge types in question were removed from Let's Encrypt
production config during the private beta period (when we had a strict
whitelist of domains allowed to be issued for), had mitigations for them in
while they were out, and we deleted the code for them entirely the other day
(in [https://github.com/letsencrypt/boulder/pull/1247](https://github.com/letsencrypt/boulder/pull/1247))

------
mynewtb
Wait, what good is a signature then if you can craft it? I may have
misunderstood, would appreciate a dumbed down answer.

~~~
keyme
A signature is good in this use case:

1) You have a public key you trust.

2) You get a message + hash + signature. You want to verify.

What we had here is:

1) There is a DNS record with a signature value only.

2) You send the public key + the message, and want to get the same signature
value.

This isn't secure, as per the article.
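------
The two situations contrasted in the last comment, as an added example that is not part of the thread and not Let's Encrypt or Boulder code: a check that verifies a published signature under whatever key the caller supplies, next to one that only accepts a key fixed beforehand. It uses textbook RSA without padding on a constructed toy key; all names, messages and the degenerate `e = 1` key are assumptions made for illustration.

```python
import hashlib

def digest_int(message: bytes) -> int:
    """SHA-256 of the message as an integer (toy encoding, no padding)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def rsa_verify(pub: tuple, message: bytes, sig: int) -> bool:
    """Textbook RSA check: sig^e mod n must equal the message digest."""
    n, e = pub
    return pow(sig, e, n) == digest_int(message)

# Constructed toy key built from two known Mersenne primes (not a secure key).
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
OWNER_PUB = (P * Q, E)
OWNER_D = pow(E, -1, (P - 1) * (Q - 1))

OWNER_MSG = b"constructed token signed by the domain owner"
OTHER_MSG = b"constructed token from a different requester"

# What the record holds in the flawed design: a signature value and nothing else.
RECORD_SIG = pow(digest_int(OWNER_MSG), OWNER_D, OWNER_PUB[0])

def second_key_for(sig: int, message: bytes) -> tuple:
    """Return a different (n, e) under which `sig` also verifies for `message`.

    Degenerate illustration with e = 1: sig mod (sig - h) == h when sig > 2h.
    Rejecting odd-looking keys is not the fix; binding the key is.
    """
    h = digest_int(message)
    if sig <= 2 * h:
        raise ValueError("signature value too small for this illustration")
    return (sig - h, 1)

def check_with_caller_key(record_sig: int, pub: tuple, message: bytes) -> bool:
    """Flawed: the key is supplied together with the message, so nothing binds it."""
    return rsa_verify(pub, message, record_sig)

def check_with_pinned_key(record_sig: int, pinned_pub: tuple,
                          pub: tuple, message: bytes) -> bool:
    """Hardened: the presented key must be the one trusted beforehand."""
    return pub == pinned_pub and rsa_verify(pinned_pub, message, record_sig)
```

A signature only says something once the verifying key is fixed independently of the party presenting the message, for example by publishing the key or its hash alongside the signature.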

