I have been unable to find anywhere in my comments where I suggested that syntactic mis-issuance should not be discussed in the document. The "responses" you provided have nothing to do with my comments.

On 05/09/2018 08:49 AM, Stephen Kent wrote:

- Section 4.2.2 says "However, even if errors are detected and reported to the CA, a malicious/conspiring CA may do nothing to fix the problem or may delay action." As noted previously, no explanation is provided as to why this is a threat or attack. If the Subject knows that there are errors in the certificate, then the Subject can just get another certificate (from a different CA, if necessary). It doesn't matter whether the CA revokes the erroneous certificate or not.

See previous comment on why syntactic mis-issuance is included in this document.

- Section 5.6, paragraph 5 says "If a Monitor is compromised by, or conspires with, an attacker, it will fail to alert a Subject to a bogus or erroneous certificate targeting that Subject, as noted above." As noted previously, this document needs to explain how an attacker can "target" a Subject with an erroneous certificate.

As noted above, Ben insisted that syntactically erroneous certificates were considered mis-issued, and hence motivated inclusion of the text in Section 4.
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans