On Tue, Oct 29, 2024 at 6:03 PM 'Aaron Gable' via [email protected] <[email protected]> wrote: ><snip> > And so finally, the strongest reason of all: per the Baseline Requirements, > if a CA treats a key as compromised, then they are required to revoke all > other certificates which share that key within 24 hours. Therefore a CA has a > prerogative to treat a key as compromised only when that compromise has been > demonstrated (e.g. by seeing the private key themselves, receiving an ACME > revocation request signed by that key, or receiving a CSR with a "this key is > compromised" subject signed by that key). Otherwise they open themselves up > to denial-of-service attacks: a malicious actor could identify a victim site, > apply for a certificate containing the same public key, revoke that > certificate with reason unspecified, and let the CA do the rest of the work > to treat that as a keyCompromise and revoke the target site's cert as well.
Minor technical note: a CSR proves possession of the key, so this isn't possible AFAIK. > Aaron > > -- > You received this message because you are subscribed to the Google Groups > "[email protected]" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion visit > https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CAEmnEreLnZH2eqLc2QmBoDTmkRNcrRkYt9h%3DMNAv5gPDZynKqw%40mail.gmail.com. -- Astra mortemque praestare gradatim -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CACsn0cnu%2Bx5Ly8%3DDUS-pyzxgJZ%3DOUfwbwKxdtKNzgw7WgScWgQ%40mail.gmail.com.
