[cabfpub] For discussion: Restricting the use of file-based demonstrations of control

Rob Stradling rob.stradling at comodo.com
Mon Jun 2 14:15:37 UTC 2014


On 02/06/14 14:47, Ryan Sleevi wrote:
<snip>
> In practice, we tend to see filesystem-based verifications result in
> files being left on the root system, perhaps indefinitely. Additionally,
> enumerating file names - even without their contents - is also a fairly
> common attack.

Ryan, how about if the authorized CA was permitted to use each CSR hash
value as a demonstration of control a maximum of _once_?

-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online



