Hi Matt,
I was out and had to catch up with the messages sent to this thread. It
appears that Rob and Corey have included specific attack scenarios that
seem to answer your questions. However, I added some additional comments
to further explain my position.
On 4/2/2022 2:20 π.μ., Matt Palmer wrote:
On Wed, Feb 02, 2022 at 06:23:59AM +0000, Dimitris Zacharopoulos wrote:
I believe the phrase "previously demonstrated" may be misinterpreted to
mean the initial CSR submission, as Wilson and Ryan described.
There needs to be some sort of "fresh" or new demonstration of controlling
the compromised key so that other Subscribers can be safe from the DoS
scenario. Hope this sounds reasonable.
Can you explain your reasoning here? If a subscriber proved possession at
time of issuance, what scenario is there where that same subscriber saying
"this key is compromised" could cause a DoS on another legitimate
subscriber?
Note that by "proved possession" I'm not referring to CAs who just use the
CSR as a convenient way of receiving the public key. I understand that
if a CA doesn't validate that the details in the CSR matches the details in
the issued certificate, that doesn't prevent the DoS scenario, but I also
don't consider that to provide proof of possession.
As several people stated in this thread, CSRs are not intended to be
kept "private". They could be found in public repositories. Allowing a
third-party to submit a certificate problem report and use a CSR without
any indication in the signed message that this is to be used as proof
that this key is compromised, can cause a DoS.
I recall having seen certificate problem reports that are submitted by
security researchers for which the CN included text indicating that this
is to report a compromised key. I believe the CN was "this key is
compromised" or something along those lines. With that said, if a CA
wants to accept a certificate problem report by a third-party, with a
CSR that just includes CN=mydomain.example.com and treat that as POP for
revoking all certificates that include the public key in that CSR, I
don't think there is anything in the current BRs or Mozilla policy to
forbid it. IMO it would be a bad practice.
Hope it makes things a bit clearer.
Dimitris.
--
You received this message because you are subscribed to the Google Groups
"[email protected]" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/6ab257da-749a-10d9-eb65-6afcf93ca790%40it.auth.gr.
