Does Boulder verify CSR signatures?

tialaramex · December 15, 2016, 5:48pm

Not sure how many from Let’s Encrypt read m.d.s.policy, but it seems StartCom don’t actually check submitted CSRs to see if they were really signed by the private key corresponding to the public key in the request.

This creates the embarrassing, definitely undesirable, and possibly dangerous scenario in which a subscriber can get certificates for someone else’s key pair, albeit only for names they (this subscriber) actually control. It is not, so far as we can tell so far, prohibited by the BRs or by trust store policy, but it seems like a terrible idea, I want to check Let’s Encrypt doesn’t have the same issue.

So, does Boulder verify the CSR with public key A is signed by the corresponding private key B ?

pfg · December 15, 2016, 6:02pm

Yep. This recently came up here when someone tried to submit a CSR with the public key of Let’s Encrypt’s intermediate certificate (due to a client bug).

jsha · December 15, 2016, 6:06pm

As usual, @pfg nailed it. We do check CSR signatures. Thanks for checking!

TCM · December 15, 2016, 6:10pm

I would wish for a more stringent answer like “Of course we do! WTF? Not doing it would be horrendously stupid. Get out of here!”

But this is also fine.

jsha · December 16, 2016, 8:16pm

I generally don’t say WTF or “get out of here,” because I try to be as polite and kind on here as I can, to make it a welcoming place for everybody.

TCM · December 16, 2016, 9:39pm

It was more tongue-in-cheek.

system · January 15, 2017, 9:39pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.