i found some security concerns with both methods:
- http-01 here the server only show that he know the public key of the client. Token + Hash(publicUserKey)
At least the server have the information for which domain he is proving.
- tls-sni-01 here the only task is that the server have to reply with and certificate with specified subjectAlternativeName
The simpleHTTP not only check that the server handle the domain, it also checked that the server knows the privateUserKey so why not using simpleHTTP via HTTP if there are HTTPS-Concerns about stupid admin with default Servers?
For tls-sni we could request .<encoded(token)>.<encoded(userPublicKey)>.acme.invalid
And the server response should contain two alternative names.
encoded(SHA1withRSA(.<encoded(token)>.<encoded(userPublicKey)>.acme.invalid , userKey)).SHA1withRSA.acme.invalid
So he proves that he have ht private user key and he know for which domain he is proving:
signature = HEX(SHA1withRSA(fqdn|’.’|token, userKey))
http := http:///.well-known/acme-challenge//
Reply: text/plain ,
Reply: SubjectAlternativeName: ...acme.invalid
So in this case the server does not require to have access to the private user key.
He only need access to the public key but than can verify that the request was issued by some person who have the users private key. That mean we have an two way identification.