I'm not sure that would be in scope for the right key list anyway. It's also probably more policy and business logic than an actual technical discussion, meaning IETF is probably not the right venue.

-----Original Message-----
From: dev-security-policy [mailto:dev-security-policy-bounces+jeremy.rowley=digicert....@lists.mozilla.org] On Behalf Of Peter Bowen
Sent: Thursday, April 2, 2015 9:39 AM
To: Phillip Hallam-Baker
Cc: [email protected]; Gervase Markham
Subject: Re: Consequences of mis-issuance under CNNIC

On Thu, Apr 2, 2015 at 7:34 AM, Phillip Hallam-Baker <[email protected]> wrote:
> Further no private key should ever be in a network accessible device
> unless the following apply:
>
> 1) There is a path length constraint that limits issue to EE certs.
> 2) It is an end entity certificate.
>
> Perhaps we should take this to the IETF right key list.

I suggested this in another mail in this group a few days ago and Gerv had some reasonable comments on why this might not make sense.

I would suggest separating this discussion from the CNNIC discussion.

Thanks,
Peter
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

