Hi Peter,

We grappled with that same question in our recent work on non-interactive KEM 
PoPs, and I have to admit, came up emptier than we expected.

See appendix A of:

https://eprint.iacr.org/2022/703

---
Mike Ounsworth
________________________________
From: Peter Gutmann <pgut...@cs.auckland.ac.nz>
Sent: Thursday, October 6, 2022 8:51:17 PM
To: von Oheimb, David <david.von.ohe...@siemens.com>; John Gray 
<john.g...@entrust.com>; Mike Ounsworth <mike.ounswo...@entrust.com>; 
tomas.gustavs...@keyfactor.com <tomas.gustavs...@keyfactor.com>
Cc: sp...@ietf.org <sp...@ietf.org>; morgan...@dataio.com 
<morgan...@dataio.com>; tls@ietf.org <tls@ietf.org>
Subject: Re: [TLS] [lamps] [EXTERNAL] Re: Q: Creating CSR for encryption-only 
cert?

A general question, motivated by "I need a different hammer because the one
I'm currently using isn't able to pound screws in properly": Why is PoP
actually required?  And by this I don't mean "why is it in theory a good
thing", I mean what actual attack that's been actively exploited in the real
world will use of PoP prevent?  We've been shipping raw PKCS #10's around for
decades (with no PoP) without causing the collapse of civilisation.

Peter.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
