von Oheimb, David <david.von.ohe...@siemens.com> writes: >Peter, the argument you gave below: > >> I mean what actual attack that's been actively exploited in the real world >> will use of PoP prevent? >> We've been shipping raw PKCS #10's around for decades (with no PoP) without >> causing the collapse of civilisation. > >appears invalid to me because PKCS#10 requires a self-signature (at least, >this is how they are understood/used by most implementations) and thus does >provide a PoP - and maybe civilization has survived just because of tha
A self-signature on a CSR isn't a PoP though, I can intercept your CSR and get myself a certificate issued for it even though I don't have the private key. >Strictly speaking, it is invalid (also) because the absence of known real- >world attacks does not prove that real attacks do not exist by now or cannot >be found in the future. Sure, but we lots of real-world attacks being actively exploited at scale that we aren't dealing with (a great quote from a vulnerability researcher on this a few years ago was "If there's a booming criminal marketplace associated with your security mechanism then it's not working"). Once those are addressed we can look at the near-infinite number of theoretical attacks that no-one's ever been able to figure out what to do with. Peter. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
