[cabfpub] For discussion: Restricting the use of file-based demonstrations of control
Ryan Hurst
ryan.hurst at globalsign.com
Wed Jun 4 18:38:07 UTC 2014
It may contain PII or be transferred with a transaction id of some sort so
almost always goes over SSL at a minimum.
Ryan
On Wed, Jun 4, 2014 at 11:33 AM, Adam Langley <agl at google.com> wrote:
> On Tue, Jun 3, 2014 at 5:14 AM, Rob Stradling <rob.stradling at comodo.com>
> wrote:
> > How does the attacker obtain the legitimate customer's CSR?
>
> A CSR isn't generally considered secret, right? I wouldn't think to
> protect it.
>
>
> Cheers
>
> AGL
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20140604/f6dbd260/attachment-0003.html>
More information about the Public
mailing list