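@comment{You should probably cite draft-fiebig-security-acme instead of this I-D.
  This entry is revision 00 of an Internet-Draft marked "Work in Progress";
  check the datatracker URL in the entry for a newer revision or the
  replacing draft before citing it as the current text.}

@techreport{fiebig-acme-esecacme-00,
  author      = {Fiebig, Tobias and Borgolte, Kevin},
  title       = {Extended Security Considerations for the {Automatic Certificate Management Environment} ({ESecACME})},
  type        = {Internet-Draft},
  number      = {draft-fiebig-acme-esecacme-00},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2018,
  month       = oct,
  day         = 21,
  pagetotal   = 9,
  url         = {https://datatracker.ietf.org/doc/draft-fiebig-acme-esecacme/00/},
  note        = {Work in Progress},
  abstract    = {By now, most Public Key Infrastructure X.509 (PKIX) certificates are issued via the ACME protocol. Recently, several attacks against domain validation (DV) have been published, including IP-use-after-free, (forced) on-path attacks, and attacks on protocols used for validation. In general, these attacks can be mitigated by (selectively) requirering additional challenges, e.g., DNS validation, proof of prior-key-ownership, or in severe cases even extended validation (EV) instead of DV. This document provides a list of critical cases and describes which mitigations can be used to reduce the threat of issuing a certificate to an unauthorized party.},
}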