> > You can replay the CSR and get the certificate request by the original party
> > signed by whatever CA you want, but would that do you any good if you don't
> > have the private key?
>
> That's exactly the point, which others have also made in the thread. Yes, you
> can do this, but then what?

Then publish the certificate. Then the victim is unable to read email encrypted to her. A DoS that costs the attacker very little, practically nothing.

> In other words, what real-world problem are we actually solving by requiring
> PoP,

See above.

> how much existing practice will it break by doing so, and is it worth the
> cost?

Didn't you notice that the existing practice already includes/enforces PoP? And does not work for KEM keys?
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls