[cabfpub] For discussion: Restricting the use of file-based demonstrations of control

Adam Langley agl at google.com
Wed Jun 4 18:33:49 UTC 2014


On Tue, Jun 3, 2014 at 5:14 AM, Rob Stradling <rob.stradling at comodo.com> wrote:
> How does the attacker obtain the legitimate customer's CSR?

A CSR isn't generally considered secret, right? I wouldn't think to protect it.


Cheers

AGL



More information about the Public mailing list