Possession of a CSR is not proof of compromise. For a quick demonstration, here are 45k CSRs <https://github.com/search?q=%22BEGIN+CERTIFICATE+REQUEST%22+MII&type=code> which I could submit to a revocation API, but whose corresponding private keys I certainly do not control -- nor know anything about the compromise status of.
Aaron

On Tue, Mar 25, 2025 at 12:29 AM Suchan Seo <tjtn...@gmail.com> wrote:
> I personally don't care, but the current Mozilla revocation reason policy
> <https://wiki.mozilla.org/CA/Revocation_Reasons#End_Entity_TLS_Certificate_CRLRevocation_Reasons>
> explicitly does not allow a CSR as proof of key possession:
>
> The scope of revocation depends on whether the certificate subscriber has
> proven possession of the private key of the certificate. A CSR alone does
> not prove possession of the certificate's private key for the purpose of
> initiating a revocation.
>
> - If anyone requesting revocation for keyCompromise has previously
>   demonstrated or can currently demonstrate possession of the private key of
>   the certificate, then the CA operator MUST revoke all instances of that key
>   across all subscribers.
> - If the certificate subscriber requests that the CA operator revoke
>   the certificate for keyCompromise, and has not previously demonstrated and
>   cannot currently demonstrate possession of the associated private key of
>   that certificate, the CA operator MAY revoke all certificates associated
>   with that subscriber that contain that public key. The CA operator MUST NOT
>   assume that it has evidence of private key compromise for the purposes of
>   revoking the certificates of other subscribers, but MAY block issuance of
>   future certificates with that key.
>
> On Tuesday, March 25, 2025 at 3:56:10 PM UTC+9, Arabella Barks wrote:
> > Suchan Seo,
> >
> > Regarding your concern about being included in the
> > GlobalKeyCompromisedList without proof, I have a technical proposal: Since
> > the CA definitely holds 100% of the CSR (Certificate Signing Request)
> > submitted by the applicant when applying for a certificate, and the CSR
> > contains the signature stamp of the private key on the application message,
> > if the CA submits the CSR together when docking with the
> > GlobalKeyCompromisedList, is it sufficient to prove that the applicant owns
> > the private key?
> >
> > I'm not sure if this is enough to ease your concerns. If there are any
> > errors on my part, I'm pleased and welcome to see your corrections.
>
> --
> You received this message because you are subscribed to the Google Groups "dev-security-policy@mozilla.org" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to dev-security-policy+unsubscr...@mozilla.org.
> To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/2c5ae5d4-e876-4a28-a18a-36bd2c2cc485n%40mozilla.org
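The distinction Aaron draws above (a CSR verifies for anyone who holds its bytes, so it cannot identify who is submitting a revocation request now) can be shown directly. The following Go program is an added example written for this thread, not code from Mozilla, any CA, or any participant. It builds a CSR for a constructed subscriber key, shows that `CheckSignature` succeeds identically whether the key holder or a stranger who merely copied the CSR presents it, and then contrasts that with a fresh-nonce challenge, which only the key holder can answer. The `Scenario`, `newChallenge`, `signChallenge` and `verifyChallenge` names and the hostnames are assumptions made for the example; the challenge format is illustrative, not any specific CA's API.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
)

// newKeyAndCSR generates a fresh P-256 key and a CSR signed with it.
// The CN is a constructed placeholder for the example.
func newKeyAndCSR(cn string) (*ecdsa.PrivateKey, []byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: cn}}
	der, err := x509.CreateCertificateRequest(rand.Reader, tmpl, key)
	if err != nil {
		return nil, nil, err
	}
	return key, der, nil
}

// csrProvesPossession checks the only thing a CSR can prove: that whoever
// created it held the key at creation time. It says nothing about the
// party presenting the CSR now.
func csrProvesPossession(csrDER []byte) error {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return err
	}
	return csr.CheckSignature()
}

// challenge is an illustrative fresh nonce issued by the CA for one
// revocation request. It is unpredictable and single-use, so a stored
// artifact such as a CSR cannot answer it.
type challenge struct {
	Nonce []byte
}

func newChallenge() (challenge, error) {
	n := make([]byte, 32)
	if _, err := rand.Read(n); err != nil {
		return challenge{}, err
	}
	return challenge{Nonce: n}, nil
}

// signChallenge is what the requester does with the key it claims to hold.
func signChallenge(key *ecdsa.PrivateKey, c challenge) ([]byte, error) {
	digest := sha256.Sum256(c.Nonce)
	return ecdsa.SignASN1(rand.Reader, key, digest[:])
}

// verifyChallenge is the CA-side check against the certificate's public key.
func verifyChallenge(pub crypto.PublicKey, c challenge, sig []byte) error {
	ecPub, ok := pub.(*ecdsa.PublicKey)
	if !ok {
		return errors.New("unsupported key type")
	}
	digest := sha256.Sum256(c.Nonce)
	if !ecdsa.VerifyASN1(ecPub, digest[:], sig) {
		return errors.New("challenge signature does not verify")
	}
	return nil
}

// Result records what each check concludes for the key holder and for a
// stranger who only obtained a copy of the CSR.
type Result struct {
	CSRVerifiesForHolder   bool
	CSRVerifiesForStranger bool
	HolderChallengeErr     error
	StrangerChallengeErr   error
}

func Scenario() (Result, error) {
	var r Result
	holderKey, csrDER, err := newKeyAndCSR("subscriber.example") // constructed
	if err != nil {
		return r, err
	}
	strangerKey, _, err := newKeyAndCSR("someone-else.example") // constructed
	if err != nil {
		return r, err
	}

	// Both parties hold byte-identical CSRs, so the CSR check cannot tell them apart.
	r.CSRVerifiesForHolder = csrProvesPossession(csrDER) == nil
	strangerCopy := append([]byte(nil), csrDER...)
	r.CSRVerifiesForStranger = csrProvesPossession(strangerCopy) == nil

	// The challenge is bound to the public key in the certificate (here, the CSR).
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return r, err
	}
	c, err := newChallenge()
	if err != nil {
		return r, err
	}
	holderSig, err := signChallenge(holderKey, c)
	if err != nil {
		return r, err
	}
	r.HolderChallengeErr = verifyChallenge(csr.PublicKey, c, holderSig)

	strangerSig, err := signChallenge(strangerKey, c) // the only key the stranger has
	if err != nil {
		return r, err
	}
	r.StrangerChallengeErr = verifyChallenge(csr.PublicKey, c, strangerSig)
	return r, nil
}

func main() {
	r, err := Scenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("CSR signature check, key holder: %v\n", r.CSRVerifiesForHolder)
	fmt.Printf("CSR signature check, stranger:   %v\n", r.CSRVerifiesForStranger)
	fmt.Printf("challenge signed by key holder:  err=%v\n", r.HolderChallengeErr)
	fmt.Printf("challenge signed by stranger:    err=%v\n", r.StrangerChallengeErr)
}
```

The CSR check returns the same answer for both parties, which is exactly why the policy quoted in the thread treats a CSR alone as insufficient; a revocation endpoint that wants evidence of current possession needs something only the key holder can produce, such as a signature over a fresh value the CA chose.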