|
|
Subscribe / Log in / New account

"Smaller attack surface"?

"Smaller attack surface"?

Posted Aug 13, 2025 19:44 UTC (Wed) by NYKevin (subscriber, #129325)
In reply to: "Smaller attack surface"? by HenrikH
Parent article: NGINX adds native support for ACME protocol

Yes, read access is by far the more dangerous permission here.

In most situations, there would also be the question of whether it's a good idea to add a bunch of parsing code to the HTTP server's codebase. But ACME takes place over TLS, and your counterparty is authenticated before the ACME code even runs. If you don't trust the same CA that is issuing your certificate in the first place, then you have far larger problems than a little extra parsing code.

to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds