sameer <sameer@c2.org> writes:
I recently submitted a certificate request to Verisign for my SSL web server. Looking over the process, I don't see how it avoids MITM in any way. [...] I don't see any mechanism in place to avoid an MITM subverting step (A), and putting in his cert request in there. There isn't a strong cryptographic unforgeable relationship between my usmail/fax/proof request and the emailed kx509 cert request.
I guess the one limitation is that you would either not get the certificate (because the MITM kept it) or you would find out that it did not include your public key (if he forwarded it to you). In either case the MITM would be discovered. In the meantime he could wreak some havoc, though. But he would be found out after a few days. That's one of the things they need Certificate Revocation Lists for in their system, but I don't know if they are used.

Hal