Does Boulder verify CSR signatures?


#1

Not sure how many from Let’s Encrypt read m.d.s.policy, but it seems StartCom don’t actually check submitted CSRs to see if they were really signed by the private key corresponding to the public key in the request.

This creates the embarrassing, definitely undesirable, and possibly dangerous scenario in which a subscriber can get certificates for someone else’s key pair, albeit only for names they (this subscriber) actually control. It is not, so far as we can tell, prohibited by the BRs or by trust store policy, but it seems like a terrible idea, so I want to check Let’s Encrypt doesn’t have the same issue.

So, does Boulder verify that the CSR with public key A is signed by the corresponding private key B?


#2

Yep. This recently came up here when someone tried to submit a CSR with the public key of Let’s Encrypt’s intermediate certificate (due to a client bug).
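To make concrete what "checking the CSR signature" means, here is an added example in Go (the language Boulder is written in). It is not Boulder's code and does not reproduce Boulder's CSR handling; it uses only the standard library. It builds one honest CSR, then splices together a second CSR whose body carries a different key pair's public key but whose signature was produced by the first key, which is exactly the request described above. `x509.ParseCertificateRequest` happily parses both; only `CheckSignature` tells them apart. The name `example.test`, the `rawCSR` type and the helper names are all assumptions made for this example.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
)

// rawCSR mirrors the outer PKCS#10 structure (RFC 2986): the signed body,
// the signature algorithm and the signature. Keeping every field as a
// RawValue lets us re-splice DER without re-encoding anything.
// (Hypothetical type written for this example; not Boulder code.)
type rawCSR struct {
	TBS       asn1.RawValue
	SigAlg    asn1.RawValue
	Signature asn1.RawValue
}

// buildCSR produces a DER-encoded PKCS#10 request for one DNS name, signed
// with key and embedding key's public half.
func buildCSR(key crypto.Signer, name string) ([]byte, error) {
	tmpl := &x509.CertificateRequest{
		Subject:  pkix.Name{CommonName: name},
		DNSNames: []string{name},
	}
	return x509.CreateCertificateRequest(rand.Reader, tmpl, key)
}

// spliceCSR returns a CSR whose body (and therefore public key) comes from
// bodyFrom but whose signature is copied from sigFrom: public key of one
// subscriber, signature from another's private key.
func spliceCSR(bodyFrom, sigFrom []byte) ([]byte, error) {
	var body, sig rawCSR
	if _, err := asn1.Unmarshal(bodyFrom, &body); err != nil {
		return nil, err
	}
	if _, err := asn1.Unmarshal(sigFrom, &sig); err != nil {
		return nil, err
	}
	return asn1.Marshal(rawCSR{TBS: body.TBS, SigAlg: sig.SigAlg, Signature: sig.Signature})
}

// checkCSR is the proof-of-possession step a CA must perform before issuing:
// parse the request, then verify its signature under the public key it
// carries. Parsing alone does not do this.
func checkCSR(der []byte) error {
	csr, err := x509.ParseCertificateRequest(der)
	if err != nil {
		return fmt.Errorf("malformed CSR: %w", err)
	}
	if err := csr.CheckSignature(); err != nil {
		return fmt.Errorf("signature does not verify under the embedded public key: %w", err)
	}
	return nil
}

// Result collects what the two checks say about each request.
type Result struct {
	HonestErr     error // expected nil: honest CSR passes the signature check
	SplicedParses bool  // expected true: the parser alone accepts the spliced CSR
	SplicedErr    error // expected non-nil: the signature check rejects it
}

// Demo builds the honest and the spliced request and runs both checks.
func Demo() (Result, error) {
	// Key A belongs to the subscriber submitting the requests.
	keyA, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return Result{}, err
	}
	// Key B is someone else's pair. Only its public half ends up in the
	// spliced request; the private half exists here just to build a body.
	keyB, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return Result{}, err
	}
	csrA, err := buildCSR(keyA, "example.test") // constructed sample name
	if err != nil {
		return Result{}, err
	}
	csrB, err := buildCSR(keyB, "example.test")
	if err != nil {
		return Result{}, err
	}
	spliced, err := spliceCSR(csrB, csrA) // B's public key, A's signature
	if err != nil {
		return Result{}, err
	}
	_, parseErr := x509.ParseCertificateRequest(spliced)
	return Result{
		HonestErr:     checkCSR(csrA),
		SplicedParses: parseErr == nil,
		SplicedErr:    checkCSR(spliced),
	}, nil
}

func main() {
	r, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Println("honest CSR:", r.HonestErr)
	fmt.Println("spliced CSR parses:", r.SplicedParses)
	fmt.Println("spliced CSR:", r.SplicedErr)
}
```

The point of the splice is that a CSR is self-signed by construction: the only thing binding the request to the key it names is the signature over the body, so a CA that parses the body and issues without calling the equivalent of `CheckSignature` will happily certify a public key the requester does not control.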


#3

As usual, @pfg nailed it. We do check CSR signatures. Thanks for checking!


#4

I would wish for a more stringent answer like “Of course we do! WTF? Not doing it would be horrendously stupid. Get out of here!”

But this is also fine. :slight_smile:


#5

I generally don’t say WTF or “get out of here,” because I try to be as polite and kind on here as I can, to make it a welcoming place for everybody. :slight_smile:


#6

It was more tongue-in-cheek.

