Hi Steve,
At 12:14 25-11-2013, Stephen Kent wrote:
> I'm puzzled by your last comment. In the PKI context, the phrase
> "proof of possession" (PoP) refers to a mechanism used to verify that
> a subject requesting a cert possesses the private key corresponding to
> the public key in the cert request.
>
> When an entity receives a cert containing Subject name (or Subject alt name)
> that is not appropriately associated with the entity, that is NOT a failure
> of PoP. The entity presumably does possess the corresponding private key,
> since it can't complete a TLS exchange without it.

I wasn't thinking about failure of PoP or PKI. Your message reminded
me that I didn't think about some real world details when I made that comment.
Regards,
-sm
P.S. I was thinking about how often passports were used.