Simple Certificate Enrollment Protocol
Simple Certificate Enrollment Protocol is described by the informational. Older versions of this protocol became a de facto industrial standard for pragmatic provisioning of digital certificates mostly for network equipment.
The protocol has been designed to make the request and issuing of digital certificates as simple as possible for any standard network user. These processes have usually required intensive input from network administrators, and so have not been suited to large-scale deployments.
Popularity
The Simple Certificate Enrollment Protocol still is the most popular and widely available certificate enrollment protocol, being used by numerous manufacturers of network equipment and software who are developing simplified means of handling certificates for large-scale implementation to everyday users. It is used, for example, by the Cisco Internetworking Operating System, though Cisco promotes the Enrollment over Secure Transport, with additional features, and iPhones to enroll in enterprise public key infrastructure. Most PKI software supports it, including the Network Device Enrollment Service of Active Directory Certificate Service and Intune.Criticism
- Legacy versions of SCEP, which still are employed in the vast majority of implementations, are limited to enrolling certificates for RSA keys only.
- Due to the use of the self-signed PKCS#10 format for Certificate Signing Requests, certificates can be enrolled only for keys that support signing. A limitation shared by other enrollment protocols based on PKCS#10 CSRs, e.g., EST and ACME, or even the web-based enrollment workflow of most PKI software where the requester starts by generating a key pair and a CSR in PKCS#10 format. For example ACME, which also uses PKCS#10, issues TLS certificates which by definition must be capable of signing for the TLS handshake. However this distinction is so far mostly theoretical since in practice all algorithms commonly used with certificates support signing. This may change with post-quantum cryptography where some keys only support KEM. The CRMF format, as used by Certificate Management Protocol and CMS, is more flexible here, supporting also keys that are usable for encryption only.
- Although proof-of-origin of certificate enrollment requests, i.e., authentication of the certificate requester, is the most critical security requirement, for pragmatic reasons its support is not strictly required within SCEP. Signature-based client authentication using an already existing certificate would be the preferred mechanism but in many use cases is not possible or not supported by the given deployments. As an alternative, SCEP just provides the use of a shared secret, which should be client-specific and used only once.
- The confidentiality of the shared secret optionally used for source authentication is fragile because it must be included in the 'challengePassword' field of the CSR, which is then protected by an outer encryption. It would have been more secure to use a password-based MAC algorithm such as HMAC.
- Encrypting the whole PKCS#10 structure in order to protect the 'challengePassword' field has a further drawback: the whole CSR becomes unreadable for all parties except the intended ultimate receiver, although most of its content is not confidential. So the PKCS#10 structure cannot be checked by intermediate agents such as an RA.