> a 90 day window of cert validity limits the amount of time a given cert can be...

zeendo · on Dec 5, 2015

...that's only true while the attacker controls the site.

The 90 day window mitigates the effect of the cert being leaked.

Just because I grabbed a site's cert on day doesn't mean I control the site. In fact, there's nothing to say I even compromised the site to get the cert in the first place. Perhaps it was mishandled internally? Or grabbed via a heartbleed-style attack?

simoncion · on Dec 6, 2015

> But a the OP pointed-out, if a site using LE is compromised then the attacker has basically an infinite duration of valid certs, because they are automatically renewed.

As zeendo mentions, this is only true while the attacker can continue to provide proof that they control the site in question.

> There is no manual challenge to receive a new cert.

You're talking about a server on which an attacker has the ability to

* Read the server's ACME private key

And one or more of

* Add new documents to [scheme]://[domain]/.well-known/acme-challenge/

* Stand up a HTTPS server at the domain for which a key is being requested that responds with LE-provided data using a LE-provided temporary key.

* Sign challenge information using a previously issued private key.

* Add a TXT record for the domain in question containing data specified by the LE server.

This requires a server to be pretty thoroughly pwnt.

What's more, even though cert revocation works poorly in the real world, the LE servers almost certainly respond correctly to cert revocation requests. So, if a server operator notices that his box has been pwnt, he can revoke the certs that were issued during the time, closing the "Sign challenge info using a previously issued LE key" barn door for good. (Or until his machine gets pwnt again.)

Frankly, I think that OP hasn't actually had a good look at how the LE software works, or the design of ACME.