Comment by everfrustrated
Comment by everfrustrated 2 days ago
It feels like there's something of an attack vector here with cloud providers who lease IPs for hours at a time.
1. Lease IP
2. Obtain cert (verify can receive traffic to IP on port 80)
3. Give IP back
4. Cloud provider gives IP to another customer
5. Bgp attack IP with 6 days.
While I support the idea of IP certs I do wonder how thought through this is and what the future consequences for security are.
I agree with another commenter here who said this should be limited to IPs behind RPKI.
Possibly also needs a mechanism for IP owners to clamp the cert time to be below their IP re-lease policy. As an example a provider like AWS could require max certs of (say) 6 hours and ensure any returned IPs stay unleased for 6 hours before reissuing them)
If you control the IP or domain via a BGP hack, you can get a certificate issued while you control it, as long as you control it from the perspective of their CA.
You've got to be pretty lucky, or do a lot of IP cycling for your vector to be terribly useful. A paranoid user of IP certs would let their new public facing assignments settle for a week before using them; but I suspect few people will start using IP address certs, because of usability.