I thought I posted on this a while ago, but I can't seem to find the post. It 
may have been CAB Forum (where the archives are nearly useless). The conclusion 
from that is the CSR isn't required as part of the issuance process because 
there isn't a risk without having actual control over the private key. The 
worst someone can do is....demonstrate the existence of a cert with a bad 
public key?

For those interested, the short of what happened is that we had an old service 
where you could replace existing certificates by having DigiCert connect to a 
site and replace the certificate with a key taken from the site after a TLS 
connection. No requirement for a CSR since we obtained proof of key control 
through a TLS connection with the website. Turned out the handshake didn't 
actually take the key, but allowed the customer to submit a different public 
key without a CSR. We took down the service a while ago - back in November I 
think. I plan to put it back up when we work out the kink with it not forcing 
the key to match the key used in the handshake. 

-----Original Message-----
From: dev-security-policy <dev-security-policy-boun...@lists.mozilla.org> On 
Behalf Of Matt Palmer via dev-security-policy
Sent: Sunday, May 17, 2020 10:37 PM
To: Mozilla <mozilla-dev-security-pol...@lists.mozilla.org>
Subject: Re: Digicert issued certificate with let's encrypts public key

On Mon, May 18, 2020 at 03:46:46AM +0000, Peter Gutmann via dev-security-policy 
> I assume this is ACME that allows a key to be certified without any 
> proof that the entity requesting the certificate controls it?

ACME requires a CSR to be submitted in order to get the certificate issued. 
A quick scan doesn't show anything like "the signature on the CSR MUST be 
validated against the key", but it does talk about policy considerations around 
weak signatures on CSRs and such, suggesting that it was at least the general 
intention of ACME to require signatures on CSRs to be validated.

In any event, given that the certs involved were issued by Digicert, not Let's 
Encrypt, and Digicert's ACME issuance pipeline is somewhat of a niche thing at 
present, I think it's more likely the problem lies elsewhere.

- Matt

dev-security-policy mailing list

dev-security-policy mailing list

Reply via email to