If I understand correctly how Let’s Encrypt works from the very basic “how it works” info, there are currently two approaches to zero touch “domain validation” certificates:
- E-mail verification, as used by just about every other service
- TCP connection based, which seems unique to letsencrypt
The first works by sending a token or a link to a mailbox that seems to be at least a bit related to $DOMAINNAME and the second works by making a TCP connection to the server currently reachable as $DOMAINNAME to exchange tokens.
E-Mail verification has many technical attack vectors in approximate reverse order of ease: BGP Hijack, DNS spoofing, mailserver hack, individual mailbox credential theft, desktop compromise, exploit config mistake/bad data in DNS, exploit bad/old data (e-mail address) in whois, snarf e-mail data in transit or at rest on an insecure endpoint, etc etc. Lets not even get started on social engineering.
The letsencrypt approach principally shares only the first two: BGP Hijack & DNS spoofing. Letsencrypt seems to have lots of smart folks involved and there are many of things that can be done if you want to harden the connection from the point of view of one or two authentication servers to make these attacks less successful.
I haven’t dug into their technology, and there may be public papers on how this is secured, but off the top of my head stuff like running a custom recursive DNS lookup algorithm, obviously enforcing DNSSEC where it exists, and implementing DNS recursion very conservatively, for example making fresh authoritative queries as you recurse rather than using cached values (& maybe comparing against cached values at one or two major external recursive services to detect the probability of short term spoofing).
There is also plenty of stuff that can be done to harden BGP from the perspective of one or two discrete endpoints where your auth servers live to take a more conservative view on whether the AS path you are using to reach a network at this instant is possibly hijacked (from the baseline like use only connectivity providers that perform path filtering against databases, to more fun stuff like monitoring your routing table to build up an AS path history and detect short term changes and injection of more specifics, for extra fun do this validation at multiple places on the Interwebs via diverse providers etc etc).
I recon this probably has (& certainly can) be made a heck of a lot more secure than the e-mail auth style certificates that are already out there.