Key proof of possession #194
Labels
Future Version
Future version of the S/MIME BR
Comments
|
Maybe we could combine this with device attestation. |
srdavidson
added
Future Version
|
New internet-draft "Use of Remote Attestation with Certification Signing Requests" would make this feasible |
|
This may seem obvious... but perhaps it isn't. Why do we need a proof-of-possession of the private key? What can the Subscriber do of evil if they don't possess the private key corresponding to the certificate they obtained from a CA ? If there is an answer, than I think it's better to spell it out. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The SMCWG should discuss options for a "secure process to establish that the entity controlling the email address also controls the public-private key pair."
This is mentioned on the Mozilla GitHub policy issues board - mozilla/pkipolicy#215
@CBonnell and @BenWilson-Mozilla
The text was updated successfully, but these errors were encountered: