I thought I posted on this a while ago, but I can't seem to find the post. It may have been CAB Forum (where the archives are nearly useless). The conclusion from that is the CSR isn't required as part of the issuance process because there isn't a risk without having actual control over the private key. The worst someone can do is....demonstrate the existence of a cert with a bad public key?
For those interested, the short of what happened is that we had an old service where you could replace existing certificates by having DigiCert connect to a site and replace the certificate with a key taken from the site after a TLS connection. No requirement for a CSR since we obtained proof of key control through a TLS connection with the website. Turned out the handshake didn't actually take the key, but allowed the customer to submit a different public key without a CSR. We took down the service a while ago - back in November I think. I plan to put it back up when we work out the kink with it not forcing the key to match the key used in the handshake. -----Original Message----- From: dev-security-policy <dev-security-policy-boun...@lists.mozilla.org> On Behalf Of Matt Palmer via dev-security-policy Sent: Sunday, May 17, 2020 10:37 PM To: Mozilla <mozilla-dev-security-pol...@lists.mozilla.org> Subject: Re: Digicert issued certificate with let's encrypts public key On Mon, May 18, 2020 at 03:46:46AM +0000, Peter Gutmann via dev-security-policy wrote: > I assume this is ACME that allows a key to be certified without any > proof that the entity requesting the certificate controls it? ACME requires a CSR to be submitted in order to get the certificate issued. A quick scan doesn't show anything like "the signature on the CSR MUST be validated against the key", but it does talk about policy considerations around weak signatures on CSRs and such, suggesting that it was at least the general intention of ACME to require signatures on CSRs to be validated. In any event, given that the certs involved were issued by Digicert, not Let's Encrypt, and Digicert's ACME issuance pipeline is somewhat of a niche thing at present, I think it's more likely the problem lies elsewhere. - Matt _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
