-----Original Message-----
From: Peter Gutmann <pgut...@cs.auckland.ac.nz>
Sent: Friday, October 7, 2022 1:31 PM
To: von Oheimb, David <david.von.ohe...@siemens.com>; 
Mike.Ounsworth=40entrust....@dmarc.ietf.org; John Gray <john.g...@entrust.com>; 
tim.holleb...@digicert.com; tomas.gustavs...@keyfactor.com
Cc: morgan...@dataio.com; sp...@ietf.org; tls@ietf.org
Subject: Re: [lamps] [TLS] [EXTERNAL] Re: Q: Creating CSR for encryption-only 
cert?

von Oheimb, David <david.von.ohe...@siemens.com> writes:

>Peter, the argument you gave below:
>
>> I mean what actual attack that's been actively exploited in the real world 
>> will use of PoP prevent?
>> We've been shipping raw PKCS #10's around for decades (with no PoP) without 
>> causing the collapse of civilisation.


>> We've been shipping raw PKCS #10's around for decades (with no PoP) without 
>> causing the collapse of civilisation.
Peter, just wanted to point out that this is one of the most humorous things 
I've read in a while. I should make a poster or t-shirt out of this statement 
(as we watch civilization collapse around us for other reasons).... 😊


>
>appears invalid to me because PKCS#10 requires a self-signature (at
>least, this is how they are understood/used by most implementations)
>and thus does provide a PoP - and maybe civilization has survived just
>because of tha

>A self-signature on a CSR isn't a PoP though, I can intercept your CSR and get 
>myself a certificate issued for it even though I don't have the private key.

You can replay the CSR and get the certificate request by the original party 
signed by whatever CA you want, but would that do you any good if you don't 
have the private key? I guess you are saying the self-signed signature is 
just a proof that someone has the private key, but proof of Origin is what we 
really want.

>Strictly speaking, it is invalid (also) because the absence of known
>real- world attacks does not prove that real attacks do not exist by
>now or cannot be found in the future.

>Sure, but we have lots of real-world attacks being actively exploited at
>scale that we aren't dealing with (a great quote from a vulnerability
>researcher on this a few years ago was "If there's a booming criminal
>marketplace associated with your security mechanism then it's not
>working").  Once those are addressed we can look at the near-infinite
>number of theoretical attacks that no-one's ever been able to figure out
>what to do with.

The 80-20 rule. I see what you are saying. The CT log garbage may not be a 
big issue. In the end the users win, they will use whatever route is easiest 
and doesn't cause the collapse of society... 😊


Peter.
