What is the purpose of the challenge password in the Simple Certificate Enrollment Protocol (SCEP)?
My understanding is that it is used to authenticate devices.
My question is: how is it different from authentication done using public and private key pairs?
If a certificate is compromised (the private key is stolen, etc.), the certificate needs to be revoked, as it will remain valid till the end of its term.
Any administrator with access to a cert can revoke the cert. If a challenge password was specified during the certificate signing request, that password will be required before the cert can be revoked.
So, it seems the sole purpose of the challenge password is to prevent revocation by someone without the password.
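
The mechanism this answer describes, as an added example that is not part of the original post: a CA-side check that reads the PKCS #9 challengePassword attribute from a CSR's attributes field and compares it with the password presented alongside a revocation request. The function names, the sample bytes and the policy in `password_gate_passes` are assumptions made for illustration, and the parser handles only the attributes field, not a complete CSR.

```python
import hmac

# PKCS #9 challengePassword, OID 1.2.840.113549.1.9.7 (DER content bytes)
CHALLENGE_PASSWORD_OID = bytes.fromhex("2a864886f70d010907")

def tlv(tag, content):
    """Encode one DER tag-length-value (short and long length forms)."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + content

def read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the TLV that starts at pos."""
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes
        k = n & 0x7F
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    if pos + n > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + n], pos + n

def challenge_password(attributes_der):
    """Return the challengePassword from a CSR attributes field, or None."""
    tag, attrs, _ = read_tlv(attributes_der, 0)
    if tag != 0xA0:  # attributes is [0] IMPLICIT SET OF Attribute
        raise ValueError("not a CSR attributes field")
    pos = 0
    while pos < len(attrs):
        _, attr, pos = read_tlv(attrs, pos)       # Attribute ::= SEQUENCE
        _, oid, after_oid = read_tlv(attr, 0)     # attribute type (OID)
        if oid == CHALLENGE_PASSWORD_OID:
            _, values, _ = read_tlv(attr, after_oid)  # SET OF values
            return read_tlv(values, 0)[1].decode("utf-8")
    return None

def password_gate_passes(attributes_der, presented):
    """Hypothetical CA-side check made before honouring a revocation request."""
    stored = challenge_password(attributes_der)
    if stored is None:
        return True  # no password was specified, so this gate does not apply
    return hmac.compare_digest(stored.encode(), presented.encode())

# Constructed sample: an unstructuredName attribute, then challengePassword.
SAMPLE_ATTRS = tlv(0xA0,
    tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010902"))
              + tlv(0x31, tlv(0x0C, b"device-01")))
    + tlv(0x30, tlv(0x06, CHALLENGE_PASSWORD_OID)
                + tlv(0x31, tlv(0x0C, b"constructed-secret"))))
```

The comparison uses `hmac.compare_digest` so that the time taken does not reveal how much of a guessed password matched.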