Matthew Hardeman <> writes:

>What gap, exactly?  There’s not a risk here.

There are attacks possible, but this stuff was covered more than twenty years
ago by PKIX and I can't remember the specifics.  It was around various ways of
fooling a victim that you'd signed something that you hadn't based on the two
different certs.

>I don’t think it’s been codified that private key possession or control has
>to be demonstrated.

All the PKIX cert-enrolment protocols (CMP, CMC, and plain PKCS #10) as well
as the non-PKIX SCEP require proof-of-possession in order to deal with these
problems.  Unfortunately in the PKIX tradition the spec just says "In order to
prevent certain attacks" without ever saying what they are.

I assume this is ACME that allows a key to be certified without any proof that
the entity requesting the certificate controls it?  I don't know that any of
the PKIX protocols allow it.

dev-security-policy mailing list

Reply via email to