John Gray <john.g...@entrust.com> writes:
>You can replay the CSR and get the certificate request by the original >party signed by whatever CA you want, but would that do you any good if >you don't have the private key? >That's exactly the point, which others have also made in the thread. Yes, you >can do this, but then what? Or, to be pedantic, "then what that's actually >useful in practice to an attacker rather than something that justifies a >conference paper?". >In other words, what real-world problem are we actually solving by requiring >PoP, how much existing practice will it break by doing so, and is it worth the >cost? Yes, I see your point Peter. Other than "the standard says I have to do it", what does adding a signed P10 do when it can be easily replayed. CRMF (4211) is used by many protocols, but I'll stop there to not make us go around in circles. I'm working on the CMPv3 bis with David and Hendrik and Mike and we aren't planning on reworking the confirmation structure. CMP is already large and complicated enough. Thanks for your great points. My world view on the purpose of the POP has been shaken! Some of the newer PKCS#10 attributes like Key Attestation are very interesting, to get back to the proof of Origin, but I suppose without careful consideration as to how they are verified replay is possible. An attribute that bound itself to a single CA entity that did key attestation could be interesting. Maybe Sean and Carl will add that into their draft. https://datatracker.ietf.org/doc/draft-wallace-lamps-key-attestation-ext/ However is that making things too complicated again... back to 80/20 rule and round and round we go... Have a great weekend everyone! It is Thanksgiving weekend here in Canada. John Gray Any email and files/attachments transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains. Please notify Entrust immediately and delete the message from your system. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
