A few problems I see with the proposed text:

- What is sufficient? I would go with a definition tied to the effective 
strength of the keys it protects; in other words, you should protect a 2048-bit 
RSA key with something that offers similar properties, or that 2048-bit key does 
not live up to its 2048-bit properties. This is basically the same CSPRNG 
conversation, but it's worth looking at https://www.keylength.com/ 
- The language should recommend that the "password" be a value that is a mix of 
a user-supplied value and the CSPRNG output and that the CA can not store the 
user-supplied value for longer than necessary to create the PKCS#12.
- The strength of the password is discussed but PKCS#12 supports a bunch of 
weak cipher suites and it is common to find them in use in PKCS#12s. The 
minimum should be specified to be what Microsoft supports which is 
pbeWithSHAAnd3-KeyTripleDES-CBC for “privacy” of keys and for the privacy of 
certificates it uses pbeWithSHAAnd40BitRC2-CBC.
- The language requires the use of a password when using PKCS#12s, but PKCS#12 
supports both symmetric and asymmetric key-based protection also. While these 
are not broadly supported, the text should not prohibit the use of stronger 
mechanisms than 3DES and a password.

Ryan
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
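As an added illustration of the third point above (this is example code written for this page, not Ryan's or any project's code), a small audit script that walks a PFX's DER and reports which PBE schemes shroud its key bags and encrypt its certificate SafeContents. The PFX skeleton at the bottom is constructed here with the OIDs from RFC 7292 Appendix C, carries no real key material, and uses the 3DES-for-keys, 40-bit-RC2-for-certificates combination the post describes.

```python
# RFC 7292 Appendix C PBE OIDs plus PKCS#5 PBES2 (the modern scheme that can carry AES).
PBE_OIDS = {
    "1.2.840.113549.1.12.1.2": ("pbeWithSHAAnd40BitRC4", "weak"),
    "1.2.840.113549.1.12.1.3": ("pbeWithSHAAnd3-KeyTripleDES-CBC", "minimum"),
    "1.2.840.113549.1.12.1.6": ("pbeWithSHAAnd40BitRC2-CBC", "weak"),
    "1.2.840.113549.1.5.13": ("PBES2 (PKCS#5 v2, e.g. AES-256-CBC)", "strong"),
}

def decode_oid(raw):  # DER OBJECT IDENTIFIER content octets -> dotted string
    arcs, value = [str(raw[0] // 40), str(raw[0] % 40)], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(str(value)); value = 0
    return ".".join(arcs)

def iter_oids(buf):
    # Depth-first DER walk yielding every OID. Also descends into OCTET STRINGs, because
    # PKCS#12 nests the AuthenticatedSafe and each SafeContents inside one; ciphertext
    # octets that do not parse as DER are skipped.
    pos = 0
    while pos + 1 < len(buf):
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:                      # long-form length
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        if pos + length > len(buf):
            raise ValueError("truncated TLV")
        value, pos = buf[pos:pos + length], pos + length
        if tag == 0x06:
            yield decode_oid(value)
        elif tag & 0x20 or tag == 0x04:        # constructed, or OCTET STRING wrapper
            try:
                yield from list(iter_oids(value))
            except (IndexError, ValueError):
                pass

def audit_pkcs12(pfx):  # [(oid, name, rating), ...] for each PBE scheme, in document order
    return [(o,) + PBE_OIDS[o] for o in iter_oids(pfx) if o in PBE_OIDS]

# Constructed sample (no real key material): a PFX skeleton with the key bag shrouded
# under 3DES and the certificate SafeContents encrypted under 40-bit RC2.
def der(tag, content):  # minimal DER TLV encoder, used only to build the sample
    n, lb = len(content), len(content).to_bytes(max(1, (len(content).bit_length() + 7) // 8), "big")
    return bytes([tag]) + (bytes([n]) if n < 128 else bytes([0x80 | len(lb)]) + lb) + content

RSADSI = b"\x2a\x86\x48\x86\xf7\x0d\x01"                                # 1.2.840.113549.1
PBE_PARAMS = der(0x30, der(0x04, b"\x00" * 8) + der(0x02, b"\x07\xd0"))  # dummy salt, 2000 iterations
key_bag = der(0x30, der(0x06, RSADSI + b"\x0c\x0a\x01\x02") + der(0xA0, der(0x30,  # pkcs8ShroudedKeyBag
    der(0x30, der(0x06, RSADSI + b"\x0c\x01\x03") + PBE_PARAMS) + der(0x04, b"\x00" * 16))))
key_safe = der(0x30, der(0x06, RSADSI + b"\x07\x01") + der(0xA0, der(0x04, der(0x30, key_bag))))
cert_safe = der(0x30, der(0x06, RSADSI + b"\x07\x06") + der(0xA0, der(0x30, der(0x02, b"\x00") + der(0x30,  # encryptedData
    der(0x06, RSADSI + b"\x07\x01") + der(0x30, der(0x06, RSADSI + b"\x0c\x01\x06") + PBE_PARAMS) + der(0x80, b"\x00" * 16)))))
SAMPLE_PFX = der(0x30, der(0x02, b"\x03") + der(0x30, der(0x06, RSADSI + b"\x07\x01") +
    der(0xA0, der(0x04, der(0x30, key_safe + cert_safe)))))
```

Run `audit_pkcs12` over the bytes of a real .p12/.pfx to get the same report; any "weak" row means the password strength discussion is moot for that bag.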