On 28/03/17 12:21, Rob Stradling wrote: > Increased attack surface. An undisclosed dormant sub-CA most likely has > its private key in an online HSM, and so I think it's prudent to assume > that it's more vulnerable (to being compromised by an attacker, or to > being accidentally used to misissue a cert) than an offline root key.
If it's dormant, there's no particular reason the HSM will be online. But it might be, and it doesn't make much sense to make a distinction in the policy. > IINM, the purpose (so far) of Mozilla's intermediate cert disclosure > policy is to map the attack surface. Right? That's certainly one goal :-) Does a week sound about right? Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy