Before issuing a certificate, Let’s Encrypt needs to verify domain ownership in some way. The practically workable methods as of 2015 all involve relying on cryptographically insecure methods. This is because there is no cryptographically secure way to verify domain ownership supported by the IANA and their delegates who control domain registration (to my knowledge).
The ACME protocol RFC has a section which discusses how to minimize the risks of attacks during this bootstrapping phase. For example, it discusses a method which I consider to be the most practically useful called “Querying the DNS from multiple vantage points to address local attackers”.
I would like to discuss this method and have the following questions:
- Are Let’s Encrypt planning to perform these checks from multiple vantage points?
- Will the checks be limited to DNS lookups or will the HTTP aspects of the verification also be undertaken from multiple vantage points?
- Are customer nodes running the daemon going to participate in this distributed checking (like Convergence)?
- Will the results of these distributed checks be published publicly to a database (like Certificate Transparency)?
[Mod: fixed links]
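
An added example, not part of the original post and not Let's Encrypt's or the ACME specification's code: a sketch of how a validator could combine DNS answers gathered from several vantage points so that one locally tampered view cannot pass the check on its own. The vantage-point names, the quorum policy and the sample observations are constructed assumptions, and no real lookups are made.

```python
# Constructed sample data. Each entry is the set of TXT values one vantage
# point saw for the challenge record; None means its lookup failed.
EXPECTED = "constructed-challenge-digest"

HONEST = {
    "vp-a": {EXPECTED},
    "vp-b": {EXPECTED},
    "vp-c": {EXPECTED},
    "vp-d": None,                # timeout, not a disagreement
}
LOCALLY_TAMPERED = {
    "vp-a": {EXPECTED},          # only the view near the validator shows it
    "vp-b": set(),               # the rest of the network sees no record
    "vp-c": set(),
    "vp-d": {"unrelated-value"},
}


def evaluate(observations, expected, quorum, max_differ=0):
    """Combine per-vantage-point DNS answers into one validation decision.

    Assumed policy: pass only if at least `quorum` vantage points saw
    `expected` and at most `max_differ` saw something else. Failed lookups
    count neither way, so an outage cannot turn into agreement.
    Returns (passed, report).
    """
    report = {"agree": [], "differ": [], "failed": []}
    for name, answers in sorted(observations.items()):
        if answers is None:
            report["failed"].append(name)
        elif expected in answers:
            report["agree"].append(name)
        else:
            report["differ"].append(name)
    passed = (len(report["agree"]) >= quorum
              and len(report["differ"]) <= max_differ)
    return passed, report


if __name__ == "__main__":
    for label, obs in (("honest", HONEST), ("tampered", LOCALLY_TAMPERED)):
        ok, rep = evaluate(obs, EXPECTED, quorum=3)
        print(label, "PASS" if ok else "FAIL", rep)
```

The `differ` list is the part worth logging or publishing: a vantage point that disagrees with the others is the signal that the views of the domain are not consistent.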