# Eve has now managed to deny service to Alice, by using the policy for abuse
TO DO* Have sub section about key compromise regarding CSRs and verifiable evidence In order to prevent this type of denial of compromise.* currently there is not service, the person requesting that a standard way TLS certificate be revoked for keyCompromise must have previously demonstrated or must be able to currently demonstrate possession of the private key.* document a few non-exclusive ways to confirm possession of the private certificate before the CA revokes all instances of that key across all subscribers.
=== CSRs ===TO DO* While Currently there is not a generic CSR alone does not prove standard way to demonstrate possession of the certificate's private key, could a CSR with a specific common name do (e.g. "Proof of Key Compromise for [name of CA]") ?* If Here are a CSR alone does not prove few ways that CAs may confirm possession of the certificate's private key, what kind of verifiable evidence could it be?:* Why should CA bother whether the subscriber possess the associated private key, if CA has already authenticated the subscriber? Is it meant to let CA decline the subscriber request in this case?* How can it be determined? By self-declaration of the requester?TO DO
== OCSP and CRL ==
