5.1 Security Considerations for Implementers

The One-Time Password Certificate Enrollment Protocol does not provide message-level signing or message-level encryption for either SignCert Request messages (section 2.2.2) or SignCert Response messages (section 2.2.3). Implementers can make use of available transport protection as available in HTTPS to provide security to the client/server interaction.