On Mon, May 18, 2020 at 11:40 AM Matthew Hardeman via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote: > A scary example, I know, but StartCom's original system was once described > as taking the public key data (and they emphasized _only_ the public key > data) from the CSR. Everything else was populated out-of-band of any PKI > protocols via the website. > > Frankly, I don't see how anyone permitting signature over a third party > public key without proof of control of the matching private key creates a > risk. I think if there are relying-party systems where this creates a > problem, the error is in those relying-party systems and their respective > validation logic.
Why would StartCom's system be "A scary example" when you acknowledge that you don't see how it creates a risk? The scenario you ascribe to StartCom is exactly what is recommended, of CAs, in numerous CA incident bugs where the failure to apply that restrictive model has lead to misissuance. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy