Viktor, actually, I take it back - you may be right in that last point. Need to think.

Regards,
Uri

> On Oct 7, 2022, at 14:59, Blumenthal, Uri - 0553 - MITLL <u...@ll.mit.edu>
> wrote:
>
>>> On Oct 7, 2022, at 14:42, Viktor Dukhovni <ietf-d...@dukhovni.org> wrote:
>>>
>>> On Fri, Oct 07, 2022 at 06:19:15PM +0000, Blumenthal, Uri - 0553 - MITLL
>>> wrote:
>>>
>>> Then publish the certificate. Then the victim is unable to read email
>>> encrypted to her. A DoS that costs the attacker very little,
>>> practically nothing.
>>
>> What victim is that?
>
> Person or organization, whose credentials and email address were in the
> bogus/modified CSR.
>
>> All the PoP does is make it harder to convince your CA to attest that
>> someone else's key is yours. It plays no role in the most critical role
>> of your CA, which is to not attest that your key is someone else's.
>
> Concur with both points above.
>
>> The scenario you suggest seems to me to require the latter.
>
> I don’t think so.
>
>> Viktor.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls