In Berlin, I agreed to offer a few words about account key loss. Here is my initial suggestion. After the mailing list makes improvements, I leave it to the document authors to find the right location in the document to place it. Somewhere in Section 6.2 or somewhere in Section 9 seems appropriate.
Russ

= = = = = = = =

Account Key Loss

A client may need to change the public key that is associated with a registration if the account private key is lost. In this situation, the rollover procedure in Section 6.2.1 cannot be used because the signature with the existing key on the account cannot be produced. The CA needs to establish an out-of-band process to change the key associated with an account, and the process must be highly resistant to social engineering. If an attacker is able to successfully replace an account key, then they will be able to replace all of the associated certificates with ones that contain keys of their own choosing.

Social engineering is an attack that relies heavily on human interaction, and it often involves tricking people into breaking or bypassing security procedures. Many techniques have been used over the years to thwart social engineering; they usually involve gathering additional information during the registration process that can be used later to increase confidence that one is actually communicating with the person who did the initial registration. For example, the CA might collect the answers to a set of questions that are not likely to be available in online databases, and the CA might collect a telephone number that can be used as part of challenge-response authentication.

_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
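The point the note turns on is that the in-protocol rollover request has to be signed with the key currently on the account, so a client that has lost that key cannot produce the request at all. The Go program below is an added example, not part of this message and not code from the ACME draft or any ACME implementation: it models a key-change request in the nested form that RFC 8555 (Section 7.3.5) later standardized, an inner JWS signed by the new key that names the account URL and the old public key, wrapped in an outer JWS signed by the current account key, together with the CA-side checks. The exact message layout of the draft's Section 6.2.1 is not reproduced. The account URL, key-change URL, nonce value and the key names are made up for the demonstration, and the nonce and URL checks that apply to every ACME request are left out.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
)

var b64 = base64.RawURLEncoding // JWS uses base64url without padding

type jwk struct { // the part of an EC public JWK carried in the inner "jwk" header and the "oldKey" field
	Kty string `json:"kty"`
	Crv string `json:"crv"`
	X   string `json:"x"`
	Y   string `json:"y"`
}

type flatJWS struct { // flattened JSON serialization, as ACME requests use
	Protected string `json:"protected"`
	Payload   string `json:"payload"`
	Signature string `json:"signature"`
}

func pubToJWK(pub *ecdsa.PublicKey) jwk {
	return jwk{"EC", "P-256", b64.EncodeToString(pub.X.FillBytes(make([]byte, 32))),
		b64.EncodeToString(pub.Y.FillBytes(make([]byte, 32)))}
}

func jwkToPub(k jwk) (*ecdsa.PublicKey, error) {
	x, errX := b64.DecodeString(k.X)
	y, errY := b64.DecodeString(k.Y)
	if k.Kty != "EC" || k.Crv != "P-256" || errX != nil || errY != nil {
		return nil, errors.New("unsupported or malformed JWK")
	}
	return &ecdsa.PublicKey{Curve: elliptic.P256(), X: new(big.Int).SetBytes(x), Y: new(big.Int).SetBytes(y)}, nil
}

// signES256 signs base64url(header) "." base64url(payload) with P-256/SHA-256; the JWS signature is raw r||s.
func signES256(priv *ecdsa.PrivateKey, header map[string]any, payload []byte) (flatJWS, error) {
	hb, _ := json.Marshal(header)
	j := flatJWS{Protected: b64.EncodeToString(hb), Payload: b64.EncodeToString(payload)}
	h := sha256.Sum256([]byte(j.Protected + "." + j.Payload))
	r, s, err := ecdsa.Sign(rand.Reader, priv, h[:])
	if err == nil {
		j.Signature = b64.EncodeToString(append(r.FillBytes(make([]byte, 32)), s.FillBytes(make([]byte, 32))...))
	}
	return j, err
}

func verifyES256(pub *ecdsa.PublicKey, j flatJWS) bool {
	sig, err := b64.DecodeString(j.Signature)
	if err != nil || len(sig) != 64 {
		return false
	}
	h := sha256.Sum256([]byte(j.Protected + "." + j.Payload))
	return ecdsa.Verify(pub, h[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:]))
}

// BuildKeyChange is the client side: an inner JWS signed by newPriv (naming the account and the key being
// replaced) wrapped in an outer JWS signed by outerPriv. Only the account's current private key yields an
// acceptable outer signature, so a client that has lost that key cannot build this request at all.
func BuildKeyChange(outerPriv, newPriv *ecdsa.PrivateKey, oldPub *ecdsa.PublicKey, account, url, nonce string) (flatJWS, error) {
	innerPayload, _ := json.Marshal(map[string]any{"account": account, "oldKey": pubToJWK(oldPub)})
	inner, err := signES256(newPriv, map[string]any{"alg": "ES256", "jwk": pubToJWK(&newPriv.PublicKey), "url": url}, innerPayload)
	if err != nil {
		return inner, err
	}
	innerBytes, _ := json.Marshal(inner)
	return signES256(outerPriv, map[string]any{"alg": "ES256", "kid": account, "nonce": nonce, "url": url}, innerBytes)
}

// VerifyKeyChange is the server side. accountPub is the key the CA holds for the account it looked up from
// the outer "kid" (nonce and URL checks are omitted here). On success it returns the key to install.
func VerifyKeyChange(accountPub *ecdsa.PublicKey, account string, outer flatJWS) (*ecdsa.PublicKey, error) {
	if !verifyES256(accountPub, outer) {
		return nil, errors.New("outer signature was not made with the account's current key")
	}
	var inner flatJWS
	var innerHdr struct{ Jwk jwk `json:"jwk"` }
	var body struct {
		Account string `json:"account"`
		OldKey  jwk    `json:"oldKey"`
	}
	pb, _ := b64.DecodeString(outer.Payload)
	_ = json.Unmarshal(pb, &inner) // a failure leaves inner empty, which the next decodes reject
	hb, _ := b64.DecodeString(inner.Protected)
	ib, _ := b64.DecodeString(inner.Payload)
	if json.Unmarshal(hb, &innerHdr) != nil || json.Unmarshal(ib, &body) != nil {
		return nil, errors.New("malformed inner JWS")
	}
	newPub, err := jwkToPub(innerHdr.Jwk)
	if err != nil || !verifyES256(newPub, inner) {
		return nil, errors.New("inner signature does not verify under the offered new key")
	}
	// The inner payload must bind the request to this account and to the exact key being replaced.
	if body.Account != account || body.OldKey != pubToJWK(accountPub) {
		return nil, errors.New("inner payload does not name this account and its current key")
	}
	return newPub, nil
}

func main() {
	// Constructed scenario: the account key, its replacement, and a key that is not the account key.
	oldKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	newKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	strayKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	for _, outer := range []*ecdsa.PrivateKey{oldKey, strayKey} {
		req, _ := BuildKeyChange(outer, newKey, &oldKey.PublicKey, "https://ca.example/acct/1", "https://ca.example/key-change", "n1")
		_, err := VerifyKeyChange(&oldKey.PublicKey, "https://ca.example/acct/1", req)
		fmt.Println("outer signed with account key:", outer == oldKey, "-> accepted:", err == nil)
	}
}
```

Run as is, the first request (outer JWS signed with the account key) is accepted and the second (outer JWS signed with some other key, which is all a client without the account key has) is rejected. That rejection is exactly what a client whose account key is lost cannot get past, which is why the recovery path has to live outside the protocol and be hardened against social engineering rather than relaxed at the CA.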
