Inspired by @sleevi_ in m.d.s.p.: Detail a meaningful attack that exploits a CA not verifying proof of possession of the private key for the public key in the CSR, or explain why there could never be such a meaningful attack. (FWIW, most USG standards mandate CAs verify PoP.)
In general, I think any protocol which includes the identity of the sender in a signed message, or the identity of the recipient in an encrypted message, doesn't need the CA to check PoP, because there's no way for the private key to be used with an unexpected identity.
I don’t think that’s the sole property - e.g. protocols that do lookups of keys to identities, or identities to keys, both need PoP (e.g. S/MIME).
Right. I didn't phrase that Tweet well. If the holder of the certificate private key wants to play shenanigans with the MS they can. But that's not applicable to the no-proof-of-possession scenario because in that case the would-be attacker doesn't hold the private key.