On 14/11/2016 16:31, Peter Bowen wrote:
> On Mon, Nov 14, 2016 at 7:14 AM, Gervase Markham <g...@mozilla.org> wrote:
>> On 14/11/16 14:00, Peter Bowen wrote:
>>> It is very easy to mint TCSCs at scale without violating the letter or
>>> the spirit of the BRs and other requirements.
>>
>> I guess I didn't mean to imply that it was hard or easy, only that it
>> hasn't been done so far. But I did wonder about auditors witnessing key
>> ceremonies - would that be a necessary component? Does that make things
>> more complicated?
>
> 1) Auditors are not required to witness key generation ceremonies for
> non-Root CA keys when the new CA is operated by the same entity as the
> parent CA.
> 2) There is no requirement that the binding between CA distinguished name
> and key pair occur during the key generation ceremony.
> 3) There is no requirement that each CA have a unique key pair.
>
> Combine all three of these and there are multiple paths to easy TCSC
> creation.

#3 would be in apparent violation of the BR applicability document you
proposed in another thread. An alternative would be to pre-create
resellable TCSC key pairs in advance during auditor visits, then throw
away unsold ones at the next such ceremony.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded