> On Oct 7, 2022, at 14:42, Viktor Dukhovni <ietf-d...@dukhovni.org> wrote:
>
> On Fri, Oct 07, 2022 at 06:19:15PM +0000, Blumenthal, Uri - 0553 - MITLL wrote:
>
>> Then publish the certificate. Then the victim is unable to read email
>> encrypted to her. A DoS that costs the attacker very little,
>> practically nothing.
>
> What victim is that?

Person or organization, whose credentials and email address were in the bogus/modified CSR.

> All the PoP does is make it harder to convince your CA to attest that
> someone else's key is yours. It plays no role in the most critical role
> of your CA, which is to not attest that your key is someone else's.

Concur with both points above.

> The scenario you suggest seems to me to require the latter.

I don’t think so.

> Viktor.
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls