[cabfpub] For discussion: Restricting the use of file-based demonstrations of control
ryan.hurst at globalsign.com
Wed Jun 4 18:38:07 UTC 2014
It may contain PII or be transferred with a transaction id of some sort so
almost always goes over SSL at a minimum.
On Wed, Jun 4, 2014 at 11:33 AM, Adam Langley <agl at google.com> wrote:
> On Tue, Jun 3, 2014 at 5:14 AM, Rob Stradling <rob.stradling at comodo.com>
> > How does the attacker obtain the legitimate customer's CSR?
> A CSR isn't generally considered secret, right? I wouldn't think to
> protect it.
> Public mailing list
> Public at cabforum.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Public