5.1 Security Considerations for Implementers

The X.509 Certificate Enrollment Policy Protocol does not provide message-level signing or message-level encryption for either GetPolicies (section 3.1.4.1.1.1) request messages or GetPoliciesResponse (section 3.1.4.1.1.2) response messages. Implementers should make use of available transport protection as available in HTTPS to provide security to the client/server interaction.