5.1 Security Considerations for Implementers
The X.509 Certificate Enrollment Policy Protocol does not provide message-level signing or message-level encryption for either GetPolicies (section 3.1.4.1.1.1) request messages or GetPoliciesResponse (section 3.1.4.1.1.2) response messages. Implementers should make use of available transport protection as available in HTTPS to provide security to the client/server interaction.