On 30/03/17 13:11, Gervase Markham via dev-security-policy wrote:
On 28/03/17 12:21, Rob Stradling wrote:
Increased attack surface. An undisclosed dormant sub-CA most likely has
its private key in an online HSM, and so I think it's prudent to assume
that it's more vulnerable (to being compromised by an attacker, or to
being accidentally used to misissue a cert) than an offline root key.
If it's dormant, there's no particular reason the HSM will be online.
But it might be, and it doesn't make much sense to make a distinction in
the policy.
IINM, the purpose (so far) of Mozilla's intermediate cert disclosure
policy is to map the attack surface. Right?
That's certainly one goal :-)
Does a week sound about right?
SGTM.
Presumably that week begins at either 1) the moment the intermediate is
issued or 2) the moment the CA is first granted access to the CCADB,
whichever is the latter?
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
