Hello all, I'd have an open question about the possibility (from a compliance standpoint) of having an ECC 256 subordinate under an RSA 2048 Root.
If I look at the WebTrust criteria, I can see this: **** 4.1.3 CA key generation generates keys that: a) use a key generation algorithm as disclosed within the CA’s CP and/or CPS; b) have a key length that is appropriate for the algorithm and for the validity period of the CA certificate as disclosed in the CA’s CP and/or CPS. The public key length to be certified by a CA is less than or equal to that of the CA’s private signing key; and c) take into account requirements on parent and subordinate CA key sizes and have a key size in accordance with the CA’s CP and/or CPS. **** My reading of this criteria is that it's not possible to have a subordinate with a stronger key than the issuer, but this is unclear when mixing algorithms. In theory, an ECC 256 subordinate has a stronger crypto than an RSA 2048 Root, so if I read the above criteria in terms of crypto strength, I get the impression that this is nor allowed. But I don't know if this is an appropriate interpretation of the rules. Can anyone help me to see the light? Thanks! Pedro _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy